After upgrading the logstash version from 5.6.16 to 6.8, the logstash tcp plugin from 4.2.2 to 5.2.2
After upgrade, we do see the following errors in the logstash logs:
[2021-04-16T01:14:50,392][ERROR][logstash.inputs.tcp ] Error in Netty pipeline: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000418:SSL routines:OPENSSL_internal:TLSV1_ALERT_UNKNOWN_CA
The configuration for tcp input plugin is as follows:
# 08-input-tls-syslog-6514.conf
# This expects TLS syslog input on port 6514.
input {
tcp {
id => tls_syslog
tags => [ "input_tls", "syslog" ]
port => 6514
ssl_enable => true
ssl_cert => "/etc/pki/XXXX/sand-006-green.crt"
ssl_extra_chain_certs => ["/etc/pki/XXXX/ca-bundle.crt", "/etc/pki/XXXX/XXXX-hosts-naw01.crt" ]
ssl_key => "/etc/pki/XXXX/sand-006-green.key"
ssl_verify => false
codec => plain {
charset => "ISO8859-16"
}
}
}
The same configuration worked fine with logstash version 5.6.16.
Based on the changelogs for the http tcp plugin, no changes were needed during the upgrade of the plugin version from 4.2.2 to 5.2.2