Logstash and winlogbeat configure SSL, but Logstash print error message :OPENSSL_internal:WRONG_VERSION_NUMBER

Hi all,

When I configure Logstash and Winlogbeat using SSL, Logstash print error message like that:

Logstash error messages:

BeatsHandler - [local:, remote: undefined] Handling exception: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
[WARN ] 2020-04-25 20:13:41.342 [nioEventLoopGroup-2-4] DefaultChannelPipeline - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.

winlogbeat error messages:

2020-04-26T11:02:08.337+0800 ERROR logstash/async.go:256 Failed to publish events caused by: lumberjack protocol error
2020-04-26T11:02:08.338+0800 ERROR logstash/async.go:256 Failed to publish events caused by: client is not connected
2020-04-26T11:02:10.066+0800 ERROR pipeline/output.go:121 Failed to publish events: client is not connected
2020-04-26T11:02:10.066+0800 INFO pipeline/output.go:95 Connecting to backoff(async(tcp://
2020-04-26T11:02:10.143+0800 INFO pipeline/output.go:105 Connection to backoff(async(tcp:// established
2020-04-26T11:02:10.144+0800 INFO [publisher] pipeline/retry.go:196 retryer: send unwait-signal to consumer

logstash input configuration
port => 5044
ssl => true
#ssl_certificate_authorities => ["/etc/logstash/certs/ca.pem"]
ssl_certificate => "/etc/logstash/certs/logstash.crt"
ssl_key => "/etc/logstash/certs/logstash.p8"
#ssl_verify_mode => "peer"
#ssl_verify_mode => "force_peer"
#tls_max_version => 1.2
#tls_min_version => 1.2
port => 514

winlogbeat configuration
#----------------------------- Logstash output --------------------------------

The Logstash hosts

hosts: [""]
ssl.enabled: true

Optional SSL. By default is off.

List of root certificates for HTTPS server verifications

ssl.certificate_authorities: C:\Program Files\winlogbeat\certs\ca.pem

Certificate for SSL client authentication

ssl.certificate: C:\Program Files\winlogbeat\certs\winlogbeat.crt

Client Certificate Key

ssl.key: C:\Program Files\winlogbeat\certs\winlogbeat.key
verification_mode : none
supported_protocols: "TLSv1.2"

C:\Program Files\winlogbeat>winlogbeat.exe test output
parse host... OK
dns lookup... OK
dial up... OK
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.2
dial up... OK
talk to server... OK

any fixes to this yet?? Im having same wrong version issue. but my logs are sending. im seeing them in kibana but im getting this error in logstash log?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.