No cipher suites in common

Mahesh_Kumar_S · October 1, 2024, 7:05pm

Hello Elastic Community,

I am facing an issue after configuring custom cipher suites for the TCP input plugin in Logstash.

Below is my configuration:

tcp{
    port => 6515
    type => syslog
    dns_reverse_lookup_enabled => false
    codec => syslog
    ssl_enable => true
    ssl_verify => false
    ssl_cert => "C:\Certificates\publickey.crt"
    ssl_key => "C:\Certificates\privatekey.key"
    ssl_key_passphrase => "abcd@1234"
    ssl_cipher_suites => [
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_CHACHA20_POLY1305_SHA256",
        "TLS_AES_128_GCM_SHA256",
        "TLS_AES_256_GCM_SHA384"
    ]
    ssl_verify => false
}

This configuration works correctly, but whenever I try to run the following nmap command to list the supported cipher suites:

nmap --script ssl-enum-ciphers -p 6515 localhost

I receive the following error message:

Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Alert.createSSLException(Alert.java:130) ~[?:?]
    at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
    ...
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530) ~[netty-codec-4.

This error appears even if I have not configured custom ssl_cipher_suites. The certificate being used is self-signed.

Could someone help identify the cause of this issue?

Thank you!

Badger · October 1, 2024, 8:06pm

Are you saying nmap logs that or logstash logs that? I assume logstash.

The ssl-enum-ciphers scripts connects to the tcp port once for each cipher/compressor it needs to test. It will very likely be testing some ciphers that logstash does not support at which point the TLS negotiation will fail because there are no cipher suites in common. So exception is expected.

To me it is a good thing that it is logged and not suppressed.

Mahesh_Kumar_S · October 3, 2024, 9:16am

@Badger How can I verify the list of ciphers I have configured is working namp command is not working here. When ever I try to run the nmap command it acts as clients and shows no common ciphers I think thats the issue.?

Badger · October 4, 2024, 2:48am

I don't think that Java exception is coming from nmap (I don't think nmap is written in Java). I think it is coming from logstash for the reasons I explained.

Topic		Replies	Views
No cipher suites in common for tcp input Logstash	2	846	January 20, 2022
TCP input: no cipher suites in common Logstash	1	553	February 16, 2018
Logstash input TCP with TLS and handshake Logstash	3	13425	January 25, 2017
Need help with SSL config Logstash	1	684	July 6, 2017
Custom TCP integration with TLS Logstash	5	165	January 16, 2024

No cipher suites in common

Related topics