[graylog2] Problems using signed certificates in TLS input

clifford sanders Thu, 10 Dec 2015 02:44:23 -0800

Hi,

I'm configuring NXLog to transport log data with TLS to Graylog.


This works if I use the selfsigned certificate created by Graylog.

But if I use our signed certificate I get these errors:

2015-12-10 10:31:38 INFO remote socket was closed during SSL handshake
2015-12-10 10:31:38 INFO reconnecting in 1 seconds
2015-12-10 10:31:38 INFO connecting to logging.host.com:12203
2015-12-10 10:31:38 INFO successfully connected to logging.host.com:12203
2015-12-10 10:31:38 INFO reconnecting in 1 seconds
2015-12-10 10:31:38 ERROR SSL error, SSL_ERROR_SYSCALL: retval -1, errno: 
104;Connection reset by peer
2015-12-10 10:31:38 INFO reconnecting in 2 seconds
2015-12-10 10:31:38 INFO connecting to logging.host.com:12203
2015-12-10 10:31:38 INFO successfully connected to logging.host.com:12203
2015-12-10 10:31:38 INFO reconnecting in 1 seconds
2015-12-10 10:31:38 ERROR SSL error, SSL_ERROR_SYSCALL: retval -1, errno: 
104;Connection reset by peer
2015-12-10 10:31:38 INFO reconnecting in 2 seconds
2015-12-10 10:31:38 INFO connecting to logging.host.com:12203
2015-12-10 10:31:38 INFO successfully connected to logging.host.com:12203

I tried to debug the problem with the openssl client:

$ openssl s_client -debug -connect logging.host.com:12203 -msg

CONNECTED(00000003)
write to 0x227d610 [0x227d690] (298 bytes => 298 (0x12A))
0000 - 16 03 01 01 25 01 00 01-21 03 03 56 69 52 35 92   ....%...!..ViR5.
0010 - a6 9d e5 ff 7f 27 03 95-60 98 d6 1f ae d2 d7 fd   .....'..`.......
0020 - 0a d2 0c 41 b8 19 79 ed-5c 79 af 00 00 88 c0 30   ...A..y.\y.....0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b   .,.(.$.........k
0040 - 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a   .j.9.8.....2...*
0050 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 12   .&.......=.5....
0060 - c0 08 00 16 00 13 c0 0d-c0 03 00 0a c0 2f c0 2b   ............./.+
0070 - c0 27 c0 23 c0 13 c0 09-00 a2 00 9e 00 67 00 40   .'.#.........g.@
0080 - 00 33 00 32 00 9a 00 99-00 45 00 44 c0 31 c0 2d   .3.2.....E.D.1.-
0090 - c0 29 c0 25 c0 0e c0 04-00 9c 00 3c 00 2f 00 96   .).%.......<./..
00a0 - 00 41 c0 11 c0 07 c0 0c-c0 02 00 05 00 04 00 15   .A..............
00b0 - 00 12 00 09 00 ff 02 01-00 00 6f 00 0b 00 04 03   ..........o.....
00c0 - 00 01 02 00 0a 00 34 00-32 00 0e 00 0d 00 19 00   ......4.2.......
00d0 - 0b 00 0c 00 18 00 09 00-0a 00 16 00 17 00 08 00   ................
00e0 - 06 00 07 00 14 00 15 00-04 00 05 00 12 00 13 00   ................
00f0 - 01 00 02 00 03 00 0f 00-10 00 11 00 23 00 00 00   ............#...
0100 - 0d 00 22 00 20 06 01 06-02 06 03 05 01 05 02 05   ..". ...........
0110 - 03 04 01 04 02 04 03 03-01 03 02 03 03 02 01 02   ................
0120 - 02 02 03 01 01 00 0f 00-01 01                     ..........
>>> TLS 1.2 Handshake [length 0125], ClientHello
    01 00 01 21 03 03 56 69 52 35 92 a6 9d e5 ff 7f
    27 03 95 60 98 d6 1f ae d2 d7 fd 0a d2 0c 41 b8
    19 79 ed 5c 79 af 00 00 88 c0 30 c0 2c c0 28 c0
    24 c0 14 c0 0a 00 a3 00 9f 00 6b 00 6a 00 39 00
    38 00 88 00 87 c0 32 c0 2e c0 2a c0 26 c0 0f c0
    05 00 9d 00 3d 00 35 00 84 c0 12 c0 08 00 16 00
    13 c0 0d c0 03 00 0a c0 2f c0 2b c0 27 c0 23 c0
    13 c0 09 00 a2 00 9e 00 67 00 40 00 33 00 32 00
    9a 00 99 00 45 00 44 c0 31 c0 2d c0 29 c0 25 c0
    0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 c0 11 c0
    07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00
    ff 02 01 00 00 6f 00 0b 00 04 03 00 01 02 00 0a
    00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18
    00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14
    00 15 00 04 00 05 00 12 00 13 00 01 00 02 00 03
    00 0f 00 10 00 11 00 23 00 00 00 0d 00 22 00 20
    06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02
    04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01
    00 0f 00 01 01
read from 0x227d610 [0x2282bf0] (7 bytes => -1 (0xFFFFFFFFFFFFFFFF))
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 298 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Adding the parameters -servername and -ssl3 as suggested in some 
postings/blogs didn't help.

What could be the problem?

Setup:
We are using an EC2 instance which was originally setup using an Graylog 
AMI and then upgraded to version 1.3.0 using the tarballs.

Thanks

Clifford

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/5034e492-be39-41d8-9c3e-1ad275ef3ae2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Problems using signed certificates in TLS input

Reply via email to