Hi All,
we configured a logstash instance to reach all the messages from some metricbeat instances with TLS 1.2 and a self-signed certificate. The configuration is:
input {
  beats {
    port => 5044
    ssl => "true"
    ssl_certificate_authorities => ["/etc/logstash/extras/certs/chained.pem"]
    ssl_certificate => "/etc/logstash/extras/certs/elk01.pem"
    ssl_key => "/etc/logstash/extras/certs/elk01.key"
    ssl_verify_mode => "force_peer"
    tls_min_version => "1.2"
  }
}
We tried to configure metricbeat with the same certificates on a remote server with this configuration:
output.logstash:
  enabled: true
  hosts: ["elk01:5044"]
  worker: 1
  compression_level: 3
  loadbalance: false
  pipelining: 2
  ssl.enabled: true
  ssl.supported_protocols: [TLSv1.2]
  ssl.certificate_authorities: ["/root/logspout/ca-certs/chained.pem"]
  ssl.certificate: "/root/logspout/certs/elk01.cert"
  ssl.key: "/root/logspout/certs/elk01.key"
  ssl.verification_mode: full
After startup we received these errors:
2017-07-14T13:40:12+02:00 INFO metricbeat start running.
2017-07-14T13:40:12+02:00 WARN BETA: feature dynamic configuration reloading is enabled.
2017-07-14T13:40:12+02:00 INFO Config reloader started
2017-07-14T13:40:12+02:00 INFO Stopping 0 runners ...
2017-07-14T13:40:12+02:00 INFO Starting 0 runners ...
2017-07-14T13:40:12+02:00 INFO Loading of config files completed.
2017-07-14T13:40:12+02:00 ERR Connect failed with: remote error: tls: internal error
2017-07-14T13:40:13+02:00 ERR Connect failed with: remote error: tls: internal error
2017-07-14T13:40:15+02:00 ERR Connect failed with: remote error: tls: internal error
We checked the chained.pem with openssl s_client and all seems ok:
openssl s_client -connect elk01:5044 -prexit -showcerts -CAfile chained.pem -tls1_2
CONNECTED(00000003)
...
verify return:1
140372287965088:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40
140372287965088:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
Certificate chain
...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
...
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 2507 bytes and written 138 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 0BA47D649604C53385AD31274BF04108562002284FEEF279A68C62FA77807596
Session-ID-ctx:
Master-Key: B3C26C3D143ADA0F2321894719EFF9A0F35ECD865337C77D8ACA61EB611F9CD8FFECC4B53381995A144EB484894DC214
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1500032584
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
---
Certificate chain
...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
...
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 2507 bytes and written 138 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 0BA47D649604C53385AD31274BF04108562002284FEEF279A68C62FA77807596
Session-ID-ctx:
Master-Key: B3C26C3D143ADA0F2321894719EFF9A0F35ECD865337C77D8ACA61EB611F9CD8FFECC4B53381995A144EB484894DC214
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1500032584
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Could you help us to debug this issue?
Thanks,
Marcello
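An added pre-flight check, not part of Marcello's post and not Elastic tooling: because the Logstash input runs with ssl_verify_mode => "force_peer", the server asks the client for a certificate, so the material metricbeat presents has to satisfy the same checks the server applies to it. The script below assumes openssl is on PATH and takes the CA bundle the peer trusts, the client certificate and key, and the name used in `hosts:` (ssl.verification_mode: full matches that name against the SAN).

```shell
#!/bin/sh
# Added example, not from the original post or from Elastic.
# Pre-flight checks on the material a Beats client presents to a Logstash
# input running with ssl_verify_mode => "force_peer". Assumed arguments:
#   $1 CA bundle the peer trusts   $2 client cert   $3 client key
#   $4 the name used in `hosts:` (verification_mode: full needs it in the SAN)
check_mtls_material() {
    ca="$1"; cert="$2"; key="$3"; host="$4"; rc=0

    # 1. The certificate must chain to a CA inside the bundle the peer verifies with.
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "ok   chain:  $cert verifies against $ca"
    else
        echo "FAIL chain:  $cert does not verify against $ca"; rc=1
    fi

    # 2. The private key must belong to the certificate (compare derived public keys).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null || true)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "ok   key:    $key matches $cert"
    else
        echo "FAIL key:    $key does not match $cert"; rc=1
    fi
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null || true)

    # 3. Hostname verification compares the connect name against the SAN, not the CN.
    if printf '%s\n' "$text" | grep -Eq "DNS:$host(,|\$)"; then
        echo "ok   san:    DNS:$host present"
    else
        echo "FAIL san:    DNS:$host missing from subjectAltName"; rc=1
    fi

    # 4. When an EKU extension is present, a client certificate needs clientAuth, and
    #    the same file, if also used as the Logstash server cert, needs serverAuth.
    if printf '%s\n' "$text" | grep -q "Extended Key Usage"; then
        for purpose in "TLS Web Client Authentication" "TLS Web Server Authentication"; do
            if printf '%s\n' "$text" | grep -q "$purpose"; then
                echo "ok   eku:    $purpose"
            else
                echo "FAIL eku:    $purpose not in extendedKeyUsage"; rc=1
            fi
        done
    else
        echo "ok   eku:    no extendedKeyUsage extension, any purpose allowed"
    fi
    return $rc
}
```

Once all four checks pass, repeating the s_client run above with `-cert` and `-key` added reproduces the client side of the mutual handshake more closely than a run without a client certificate.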