TL;DR
Using `ssl_verify_mode => "none"` in `input.beats` not functioning as expected; should allow unverified SSL connections, but doesn't.
The rest of the story...
I'm using SSL-enabled `input.beat` in my logstash.conf, which is written as follows:
```
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/ssl/elk/cert.pem"
    ssl_certificate_authorities => [
      "/etc/ssl/elk/ca_root.pem",
      "/etc/ssl/elk/ca_int.pem"
    ]
    ssl_key => "/etc/ssl/elk/key-p8.pem"
    ssl_verify_mode => "none"
  }
}
```
When I configure a beat with the following, it connects:
```yaml
output:
  logstash:
    index: metricbeat
    hosts:
      - logstash:5044
    ssl:
      enabled: true
      verification_mode: none
      certificate: /etc/ssl/elk/cert.pem
      certificate_authorities:
        - /etc/ssl/elk/ca_root.pem
        - /etc/ssl/elk/ca_int.pem
      key: /etc/ssl/elk/key-p8.pem
```
However, when I comment out the following lines:
```yaml
output:
  logstash:
    index: metricbeat
    hosts:
      - logstash:5044
    ssl:
      enabled: true
      verification_mode: none
      # certificate: /etc/ssl/elk/cert.pem
      # certificate_authorities:
      #   - /etc/ssl/elk/ca_root.pem
      #   - /etc/ssl/elk/ca_int.pem
      # key: /etc/ssl/elk/key-p8.pem
```
I get the following error in the log:
2020-02-19T15:39:42.315Z ERROR pipeline/output.go:100 Failed to connect to backoff(async(tcp://logstash:5044)): remote error: tls: handshake failure
Based on my understanding, `ssl_verify_mode => "none"` means that there is no client verification; the input should accept all connection requests via SSL.
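One way to test the assumption in the last paragraph is to connect the way the certificate-less Beat does and see whether the server asks for a client certificate at all. The Go sketch below is an added example, not part of the original post and not Beats or Logstash code; `Probe` and `StartServer` are hypothetical names, and the local listener is a constructed stand-in for the Logstash input.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Probe dials addr with no client certificate; requested reports a CertificateRequest.
func Probe(addr string) (requested bool, err error) {
	cfg := &tls.Config{InsecureSkipVerify: true} // same effect as verification_mode: none
	cfg.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
		requested = true               // only called when the server asks for a certificate
		return &tls.Certificate{}, nil // answer with an empty certificate list
	}
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 3 * time.Second}, "tcp", addr, cfg)
	if err == nil {
		conn.Close()
	}
	return requested, err // under TLS 1.3 a rejection may only surface on a later read
}

// StartServer: constructed local TLS listener (throwaway self-signed cert), serves one connection.
func StartServer(mode tls.ClientAuthType) string {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: mode})
	if err != nil {
		panic(err)
	}
	go func() {
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake() // run the server side of the handshake
			c.Close()
		}
	}()
	return ln.Addr().String()
}

func main() {
	fmt.Println(Probe(StartServer(tls.RequireAnyClientCert))) // compare with tls.NoClientCert
}
```

Pointing `Probe` at the real input address (`logstash:5044` in the post) separates two cases: if `requested` is false and the handshake still fails, the failure comes from some other part of the negotiation than client verification.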