No cipher suites in common for tcp input

Jason_Woodrich · June 14, 2016, 5:20pm

I'm trying to configure a tcp syslog input with SSL support and running into some problems. I've installed logstash 2.3.2 using the RPM from the Elastic site. Below is my configuration:

input { tcp { port => 5425 type => syslog ssl_enable => true ssl_key => "/etc/logstash/logstash-ssl.pem" ssl_cert => "/etc/logstash/logstash-ssl.crt" ssl_verify => false ssl_extra_chain_certs => [ "/etc/logstash/logstash-ssl.chain.1", "/etc/logstash/logstash-ssl.chain.2", "/etc/logstash/logstash-ssl.chain.3", "/etc/logstash/logstash-ssl.chain.4" ] } }

The certificate checks out when I do a verify using openssl s_client -connect and -verify, but it's not able to find any common cipher suites:

{:timestamp=>"2016-06-14T15:10:38.825000+0000", :message=>"SSL Error", :exception=>#<OpenSSL::SSL::SSLError: no cipher suites in common>, :backtrace=>["org/jruby/ext/openssl/SSLSocket.java:272:in 'accept'", "/opt/logstash/vendor/bundle/j ruby/1.9/gems/jruby-openssl-0.9.13-java/lib/jopenssl19/openssl/ssl-internal.rb:106:in 'accept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-3.0.2/lib/logstash/inputs/tcp.rb:112:in 'run_server'", "/opt/logstash/vendor/ bundle/jruby/1.9/gems/logstash-input-tcp-3.0.2/lib/logstash/inputs/tcp.rb:84:in 'run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.2-java/lib/logstash/pipeline.rb:331:in 'inputworker'", "/opt/logstash/vendor/bundle/jru by/1.9/gems/logstash-core-2.2.2-java/lib/logstash/pipeline.rb:325:in 'start_input'"], :level=>:error, :file=>"logstash/inputs/tcp.rb", :line=>"117", :method=>"run_server"}

Using sslscan I'm not seeing any supported ciphers:

Version 1.8.2
http://www.titania.co.uk
Copyright Ian Ventura-Whiting 2009

Testing SSL server  on port 5425

Supported Server Cipher(s):

Prefered Server Cipher(s):

I don't see anything on the tcp input page regarding cipher configuration. Is there something I'm missing?

Thanks,
Jason

Toby-Elastic · January 20, 2022, 9:12am

Although this is an ancient topic, it still pops up in search engines (sorry for bumping). The Logstash TCP input plugin does indeed not support custom ciphers as of now. This enhancement is being discussed at Parameter for SSL Version · Issue #127 · logstash-plugins/logstash-input-tcp · GitHub.

To find out which ciphers your Logstash installation supports, you can run the below command on the Logstash system and then compare it to the list of available ciphers of the other side: /bin/ruby -r openssl -e 'puts OpenSSL::Cipher.ciphers.map(&:upcase).sort.uniq'

Topic		Replies	Views
No cipher suites in common Logstash	3	21	October 4, 2024
[Logstash] SSL TCP input certificate issue Logstash	2	397	April 20, 2023
Logstash input TCP with TLS and handshake Logstash	3	13400	January 25, 2017
Configure tcp input to accept syslog over ssl Logstash	6	1238	July 23, 2020
Use SSL with logstash syslog input plugin Logstash	3	2996	May 12, 2020

No cipher suites in common for tcp input

Related Topics