SSL Issue - Unknown SSL protocol error in connection #94

Open
danielkasen opened this issue Sep 4, 2018 · 2 comments

@danielkasen

Using version 6.4.0.
I can't get SSL to work properly. The input comes up and listens on the port, but when I try to hit it I get `Unknown SSL protocol error in connection`. So then I tried to see if the Key/crt is responding correctly with `openssl s_client -connect $(hostname -f):5054 -status` and see that no certificate or key responds:

```
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 304 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
```

This is my Config:

```
input {
    http {
        port => "5054"
        user => "test"
        password => "test1234"
        ssl => true
        ssl_key => "/etc/logstash/certs/server.key"
        ssl_certificate => "/etc/logstash/certs/server.crt"
    }
}
```

I notice the doc states this should be a PKCS#8 (not sure why #12 isn't allowed since the rest of ELK uses it) but even after converting the key I cannot get a response.

@danielkasen

So, not sure if this is a bug on my part or an issue with poor logging for the plugin. But after some tweaking I was able to make it work:

```
input {
    http {
        port => "5054"
        user => "test"
        password => "test1234"
        ssl => true
        ssl_key => "/etc/logstash/certs/new.key"
        ssl_certificate => "/etc/logstash/certs/server.crt"
        ssl_key_passphrase => ""
        ssl_certificate_authorities => "/usr/local/share/ca-certificates/ca.crt"
        ssl_verify_mode => peer
    }
}
```

Are there any thoughts about allowing PKCS#12 to work here? All my self-signed keys are in this format already and now this is just 1 more thing.

@jsvd

jsvd commented Oct 17, 2018

I'm guessing that you had to convert the key from pkcs1 to pkcs8.

We should likely support pkcs1, 8 and 12, prs welcome :)
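
A preflight check for the key-format problem discussed in this thread, added here as an example (not code from the plugin or from either participant): it classifies a key file as PKCS#1, PKCS#8 or PKCS#12 from its ASN.1 structure, so a wrong format is caught before the file is referenced from `ssl_key`. The function names and the skeleton sample bytes are constructed for illustration.

```python
import base64
import re

# First two fields of the outer SEQUENCE distinguish the formats:
#   PKCS#1  RSAPrivateKey            INTEGER 0, INTEGER (modulus)
#   PKCS#8  PrivateKeyInfo           INTEGER 0, SEQUENCE (algorithm)
#   PKCS#8  EncryptedPrivateKeyInfo  SEQUENCE (algorithm), OCTET STRING
#   PKCS#12 PFX                      INTEGER 3, SEQUENCE (authSafe)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def key_format(data):
    """Classify PEM or DER key material by structure, not by file name."""
    pem = re.search(rb"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----", data, re.S)
    try:
        if pem:
            if b"Proc-Type:" in pem.group(1):  # legacy OpenSSL PEM encryption
                return "pkcs1-encrypted"
            data = base64.b64decode(b"".join(pem.group(1).split()))
        tag, body, _ = read_tlv(data, 0)
        t1, v1, nxt = read_tlv(body, 0)
        t2, _, _ = read_tlv(body, nxt)
    except ValueError:  # also covers malformed base64 (binascii.Error)
        return "unknown"
    if tag != 0x30:
        return "unknown"
    if t1 == 0x02 and len(v1) == 1:
        return {(0, 0x02): "pkcs1", (0, 0x30): "pkcs8",
                (3, 0x30): "pkcs12"}.get((v1[0], t2), "unknown")
    if t1 == 0x30 and t2 == 0x04:
        return "pkcs8-encrypted"
    return "unknown"

# Constructed skeletons: only the leading fields are present, no real key data.
PKCS1 = bytes.fromhex("3007020100020200c3")
PKCS8 = bytes.fromhex("3014020100300d06092a864886f70d01010105000400")
PKCS12 = bytes.fromhex("30050201033000")
PKCS1_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n" + base64.b64encode(PKCS1)
             + b"\n-----END RSA PRIVATE KEY-----\n")
```

A `pkcs1` result is the case guessed at in the reply above; `openssl pkcs8 -topk8 -nocrypt -in server.key -out new.key` performs that conversion to an unencrypted PKCS#8 key.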
