> On Fri, June 2, 2023 10:07 am, Andre Lorbach wrote:
> >> -----Original Message-----
> >> From: Derek Atkins <de...@ihtfp.com>
> >> Sent: Freitag, 2. Juni 2023 15:27
> >> To: alorb...@adiscon.com
> >> Cc: rsyslog-users <rsyslog@lists.adiscon.com>; Derek Atkins
> >> <de...@ihtfp.com>
> >> Subject: RE: [rsyslog] Omfwd OpenSSL TLS fails on 2023.04.0
> >>
> >> I'm not using client-authentication, which is why there is no client
> >> cert. Not sure why you consider it "unusual". But that's not the
> >> error I am concerned about.
> >
> > That is ok, but you will only have anon ciphers if you do not use a
> > client side certificate.
>
> Yes, I know -- but setting up the client certs would be an added overhead
> to the system.

You could use the same client certificate on all clients, it's not that uncommon.

> >> > Regarding the SSL_ERROR_SYSCALL, it indicates a lower system level
> >> > error which is 104 in your case. 104 means "Connection Reset by
> >> > peer", so most likely the server dropped the client during
> >> > handshake for some reason.
> >> > To tell more I would have to see debug log from the server.
> >>
> >> I wonder if there was some middleware that was doing something? I
> >> used "openssl s_client" to connect to the server and it worked, and
> >> shortly thereafter rsyslog started working too.
> >
> > Indeed, that's odd. If it happens again, I would be interested in the
> > server-side error logged at the same time.
>
> Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: SSL_ERROR_SYSCALL Error in 'osslRecordRecv': 'error:00000005:lib(0):func(0):DH lib(5)' with ret=-1, errno=104, sslapi='SSL_read' [v8.2208.0]
> Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: netstream session 0x7fe3f411f3b0 from <source> will be closed due to error [v8.2208.0]
> Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: SSL_ERROR_SSL Error in 'osslEndSess': 'error:00000001:lib(0):func(0):reason(1)(1)' with ret=-1, errno=0, sslapi='SSL_shutdown' [v8.2208.0]
> Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: nsd_ossl:OpenSSL Error Stack: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [v8.2208.0]
> Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: nsd_ossl: TLS session terminated successfully to remote syslog server '<source>' with SSL Error '-1': End Session [v8.2208.0]

Is that from Server? I would expect an error about failed finding a shared cipher.
That looks like a NON-TLS Connection attempt.

Best regards,
Andre Lorbach

--
Adiscon GmbH