tn-mikel
August 5, 2019, 7:53pm
1
Hello, I am trying to use the HTTP_Poller v5.0.1 to contact the CloudFlare API to pull some traffic and security logs. However, when calling the URI, Cloudflare API complains that the version of TLS I am using is only 1.0. Is there a way to force the poller to use TLS1.2?
Logstash Config
input {
http_poller {
urls => {
cf_waf_test => {
method => get
url => ####
headers => {
"Content-Type" => "application/json"
"X-Auth-Email" => "####"
"X-Auth-Key" => "####"
}
}
}
request_timeout => 60
schedule => { "every" => "5m" }
tags => ["Cloudflare-WAF-Logs"]
}
}
Error Message
Cloudflare does not support deprecated TLS versions for security reasons. Please upgrade your client to TLS 1.2 or greater. See https://blog.cloudflare.com/deprecating-old-tls-versions-on-cloudflare-dashboard-and-api/ for more details.
Badger
August 5, 2019, 8:23pm
2
Which JRE are you using (vendor and version)?
tn-mikel
August 5, 2019, 8:40pm
3
Hey, here is a dump from java -version
java version "1.8.0_161"
Java(TM) SE Runtime Environment (build 8.0.5.10 - pxa6480sr5fp10-20180214_01(SR5 FP10))
IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64 Compressed References 20180208_37 8436 (JIT enabled, AOT enabled)
OpenJ9 - 39bb844
OMR - c04ccb2
IBM - 2321a81)
JCL - 20180209_01 based on Oracle jdk8u161-b12
Badger
August 5, 2019, 9:07pm
4
Elastic do not support any version of J9. That said, I have run with it in the past and had no problems.
Does adding -Dcom.ibm.jsse2.overrideDefaultTLS=true to jvm.options help?
tn-mikel
August 6, 2019, 3:09am
5
Hey, such a simple oversight on my part. I switched to java-1.8.0-openjdk-devel and everything works perfectly now. Thanks for you help!
system
September 3, 2019, 3:09am
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.