I'm trying to configure a tcp syslog input with SSL support and running into some problems. I've installed logstash 2.3.2 using the RPM from the Elastic site. Below is my configuration:
input {
  tcp {
    port => 5425
    type => syslog
    ssl_enable => true
    ssl_key => "/etc/logstash/logstash-ssl.pem"
    ssl_cert => "/etc/logstash/logstash-ssl.crt"
    ssl_verify => false
    ssl_extra_chain_certs => [
      "/etc/logstash/logstash-ssl.chain.1",
      "/etc/logstash/logstash-ssl.chain.2",
      "/etc/logstash/logstash-ssl.chain.3",
      "/etc/logstash/logstash-ssl.chain.4"
    ]
  }
}
The certificate checks out when I do a verify using openssl s_client -connect and -verify, but it's not able to find any common cipher suites:
{:timestamp=>"2016-06-14T15:10:38.825000+0000", :message=>"SSL Error", :exception=>#<OpenSSL::SSL::SSLError: no cipher suites in common>, :backtrace=>["org/jruby/ext/openssl/SSLSocket.java:272:in 'accept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-openssl-0.9.13-java/lib/jopenssl19/openssl/ssl-internal.rb:106:in 'accept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-3.0.2/lib/logstash/inputs/tcp.rb:112:in 'run_server'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-3.0.2/lib/logstash/inputs/tcp.rb:84:in 'run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.2-java/lib/logstash/pipeline.rb:331:in 'inputworker'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.2-java/lib/logstash/pipeline.rb:325:in 'start_input'"], :level=>:error, :file=>"logstash/inputs/tcp.rb", :line=>"117", :method=>"run_server"}
Using sslscan I'm not seeing any supported ciphers:
Version 1.8.2
http://www.titania.co.uk
Copyright Ian Ventura-Whiting 2009
Testing SSL server on port 5425
Supported Server Cipher(s):
Prefered Server Cipher(s):
I don't see anything on the tcp input page regarding cipher configuration. Is there something I'm missing?
Thanks,
Jason