Logstash and winlogbeat configure SSL, but Logstash print error message :OPENSSL_internal:WRONG_VERSION_NUMBER

George_Wang1 · April 26, 2020, 3:31am

Hi all,

When I configure Logstash and Winlogbeat using SSL, Logstash print error message like that:
OPENSSL_internal:WRONG_VERSION_NUMBER

Logstash error messages：

BeatsHandler - [local: 0.0.0.0:5044, remote: undefined] Handling exception: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
[WARN ] 2020-04-25 20:13:41.342 [nioEventLoopGroup-2-4] DefaultChannelPipeline - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.

winlogbeat error messages：

2020-04-26T11:02:08.337+0800 ERROR logstash/async.go:256 Failed to publish events caused by: lumberjack protocol error
2020-04-26T11:02:08.338+0800 ERROR logstash/async.go:256 Failed to publish events caused by: client is not connected
2020-04-26T11:02:10.066+0800 ERROR pipeline/output.go:121 Failed to publish events: client is not connected
2020-04-26T11:02:10.066+0800 INFO pipeline/output.go:95 Connecting to backoff(async(tcp://192.168.66.105:5044))
2020-04-26T11:02:10.143+0800 INFO pipeline/output.go:105 Connection to backoff(async(tcp://192.168.66.105:5044)) established
2020-04-26T11:02:10.144+0800 INFO [publisher] pipeline/retry.go:196 retryer: send unwait-signal to consumer

George_Wang1 · April 26, 2020, 3:32am

logstash input configuration
input{
beats{
port => 5044
ssl => true
#ssl_certificate_authorities => ["/etc/logstash/certs/ca.pem"]
ssl_certificate => "/etc/logstash/certs/logstash.crt"
ssl_key => "/etc/logstash/certs/logstash.p8"
#ssl_verify_mode => "peer"
#ssl_verify_mode => "force_peer"
#tls_max_version => 1.2
#tls_min_version => 1.2
}
syslog{
port => 514
}
}

George_Wang1 · April 26, 2020, 3:33am

winlogbeat configuration
#----------------------------- Logstash output --------------------------------
output.logstash:

The Logstash hosts

hosts: ["192.168.66.105:5044"]
ssl.enabled: true

Optional SSL. By default is off.

List of root certificates for HTTPS server verifications

ssl.certificate_authorities: C:\Program Files\winlogbeat\certs\ca.pem

Certificate for SSL client authentication

ssl.certificate: C:\Program Files\winlogbeat\certs\winlogbeat.crt

Client Certificate Key

ssl.key: C:\Program Files\winlogbeat\certs\winlogbeat.key
verification_mode : none
supported_protocols: "TLSv1.2"

George_Wang1 · April 26, 2020, 3:33am

C:\Program Files\winlogbeat>winlogbeat.exe test output
logstash: 192.168.66.105:5044...
connection...
parse host... OK
dns lookup... OK
addresses: 192.168.66.105
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.2
dial up... OK
talk to server... OK

sbagciva · April 27, 2020, 4:36pm

any fixes to this yet?? Im having same wrong version issue. but my logs are sending. im seeing them in kibana but im getting this error in logstash log?

system · May 25, 2020, 4:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Don't understand WRONG_VERSION_NUMBER errors Logstash	1	1533	October 17, 2018
ERROR logstash/async.go:256 Failed to publish events caused by: lumberjack protocol error & client is not connected Logstash	1	1113	December 4, 2019
SSL: routines:OPENSSL_internal:WRONG_VERSION_NUMBER Elasticsearch	3	9723	December 24, 2018
Secure Filebeat to Logstash Logstash	2	2547	September 5, 2018
Unable to setup SSL connection from Filebeat to Logstash Logstash	1	1915	March 6, 2018