No cipher suites in common for tcp input

Jason_Woodrich · June 14, 2016, 5:20pm

I'm trying to configure a tcp syslog input with SSL support and running into some problems. I've installed logstash 2.3.2 using the RPM from the Elastic site. Below is my configuration:

input { tcp { port => 5425 type => syslog ssl_enable => true ssl_key => "/etc/logstash/logstash-ssl.pem" ssl_cert => "/etc/logstash/logstash-ssl.crt" ssl_verify => false ssl_extra_chain_certs => [ "/etc/logstash/logstash-ssl.chain.1", "/etc/logstash/logstash-ssl.chain.2", "/etc/logstash/logstash-ssl.chain.3", "/etc/logstash/logstash-ssl.chain.4" ] } }

The certificate checks out when I do a verify using openssl s_client -connect and -verify, but it's not able to find any common cipher suites:

{:timestamp=>"2016-06-14T15:10:38.825000+0000", :message=>"SSL Error", :exception=>#<OpenSSL::SSL::SSLError: no cipher suites in common>, :backtrace=>["org/jruby/ext/openssl/SSLSocket.java:272:in 'accept'", "/opt/logstash/vendor/bundle/j ruby/1.9/gems/jruby-openssl-0.9.13-java/lib/jopenssl19/openssl/ssl-internal.rb:106:in 'accept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-3.0.2/lib/logstash/inputs/tcp.rb:112:in 'run_server'", "/opt/logstash/vendor/ bundle/jruby/1.9/gems/logstash-input-tcp-3.0.2/lib/logstash/inputs/tcp.rb:84:in 'run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.2-java/lib/logstash/pipeline.rb:331:in 'inputworker'", "/opt/logstash/vendor/bundle/jru by/1.9/gems/logstash-core-2.2.2-java/lib/logstash/pipeline.rb:325:in 'start_input'"], :level=>:error, :file=>"logstash/inputs/tcp.rb", :line=>"117", :method=>"run_server"}

Using sslscan I'm not seeing any supported ciphers:

Version 1.8.2
http://www.titania.co.uk
Copyright Ian Ventura-Whiting 2009

Testing SSL server  on port 5425

Supported Server Cipher(s):

Prefered Server Cipher(s):

I don't see anything on the tcp input page regarding cipher configuration. Is there something I'm missing?

Thanks,
Jason

Toby-Elastic · January 20, 2022, 9:12am

Although this is an ancient topic, it still pops up in search engines (sorry for bumping). The Logstash TCP input plugin does indeed not support custom ciphers as of now. This enhancement is being discussed at Parameter for SSL Version · Issue #127 · logstash-plugins/logstash-input-tcp · GitHub.

To find out which ciphers your Logstash installation supports, you can run the below command on the Logstash system and then compare it to the list of available ciphers of the other side: /bin/ruby -r openssl -e 'puts OpenSSL::Cipher.ciphers.map(&:upcase).sort.uniq'