Sorry for the formatting errors.

Hello,

I am trying to send syslog events from CentOS 7 running rsyslog 8.24 to the NiFi ListenSyslog processor. I have created the required certs and placed them in rsyslog and the NiFi keystore. My issue is that the TLS connection is not working.

Here is my rsyslog configuration:

    #TLS setup
    $DefaultNetstreamDriver gtls # use gtls netstream driver
    $DefaultNetstreamDriverCAFile /root/rsyslog/ca.pem
    $DefaultNetstreamDriverCertFile /root/rsyslog/deleteme-rsyslog-client-cert.pem
    $DefaultNetstreamDriverKeyFile /root/rsyslog/deleteme-rsyslog-client-key.pem
    $ActionSendStreamDriverMode 1 # run driver in TLS-only mode
    $ActionSendStreamDriverAuthMode anon # server is NOT authenticated
    $ActionQueueFileName fwdRule1 # unique name prefix for spool files
    $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
    $ActionQueueSaveOnShutdown on # save messages to disk on shutdown
    $ActionQueueType LinkedList # run asynchronously
    $ActionResumeRetryCount -1 # infinite retries if host is down
    *.* @@192.168.0.126:6514;RSYSLOG_SyslogProtocol23Format

I have a JKS with the CA cert and the server public/private keys that is loaded into NiFi.

The error I am seeing on the rsyslog side is:

    Jun 26 13:22:01 fluentd rsyslogd: unexpected GnuTLS error -110 in nsd_gtls.c:1755: The TLS connection was non-properly terminated. [v8.24.0 try http://www.rsyslog.com/e/2078 ]

The error on the NiFi side is:

    2018-06-26 11:32:47,139 ERROR [pool-46-thread-2] o.a.n.r.io.socket.ssl.SSLSocketChannel org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel@342539b8 Failed to connect due to {}
    javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529)
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
        at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)
        at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)
        at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
        at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.performHandshake(SSLSocketChannel.java:210)
        at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.connect(SSLSocketChannel.java:163)
        at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.read(SSLSocketChannel.java:552)
        at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.read(SSLSocketChannel.java:545)
        at org.apache.nifi.processor.util.listen.handler.socket.SSLSocketChannelHandler.run(SSLSocketChannelHandler.java:76)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
    Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:330)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318)
        at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1115)
        at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:807)
        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:228)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
        at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.performTasks(SSLSocketChannel.java:273)
        at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.performHandshake(SSLSocketChannel.java:259)
        ... 7 common frames omitted
    2018-06-26 11:32:47,140 ERROR [pool-46-thread-2] o.a.n.processors.standard.ListenSyslog ListenSyslog[id=01641000-173f-1aa4-f5da-bff8f278184d] Error reading from channel due to Inbound closed before receiving peer's close_notify: possible truncation attack?: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
    javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
        at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
        at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.connect(SSLSocketChannel.java:177)
        at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.read(SSLSocketChannel.java:552)
        at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.read(SSLSocketChannel.java:545)
        at org.apache.nifi.processor.util.listen.handler.socket.SSLSocketChannelHandler.run(SSLSocketChannelHandler.java:76)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)

I recognize that NiFi is saying that no cipher suites in common, but I have not found a way to adjust cipher suites in rsyslog.
I was able to set up HAProxy SSL termination with the same certificates and the traffic worked just fine. I wanted to use the StandardSSLContextService 1.6.0 instead of the StandardRestrictedSSLContextService 1.6.0.

Any thoughts?

--
Sent from: http://apache-nifi-users-list.2361937.n4.nabble.com/
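
An added illustration, not part of the original post and not NiFi or rsyslog code: the stack trace fails in ServerHandshaker.chooseCipherSuite while processing the ClientHello, so this sketch reads the suite list out of a raw ClientHello record and applies the same kind of selection, in which a suite is usable only if the server enables it and holds a key of the matching type. The ClientHello bytes, the suite subset and all function names are constructed for the example.

```python
# Subset of the IANA TLS cipher suite registry, enough for this illustration.
SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
}
# Authentication marker in the suite name for each server key type.
AUTH = {"RSA": "_RSA_", "EC": "_ECDSA_", "DSA": "_DSS_"}

def client_hello_suites(record):
    """Return the cipher suite codes offered in one raw TLS ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or rec_len < 41:
        raise ValueError("truncated record")
    # Skip handshake header (4), client version (2), random (32), session id.
    pos = 38 + 1 + body[38]
    n = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + n]
    if n == 0 or n % 2 or len(raw) != n:
        raise ValueError("malformed cipher suite list")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def negotiate(offered, enabled, key_types):
    """First offered suite (client order) that is enabled and has a usable key."""
    usable = [AUTH[k] for k in key_types]
    for code in offered:
        name = SUITES.get(code)
        if name in enabled and any(marker in name for marker in usable):
            return name
    return None  # the case reported as "no cipher suites in common"

def build_hello(codes):
    """Constructed sample input: a minimal TLS 1.2 ClientHello record."""
    suites = b"".join(c.to_bytes(2, "big") for c in codes)
    body = b"\x03\x03" + bytes(32) + b"\x00"            # version, random, no session id
    body += len(suites).to_bytes(2, "big") + suites + b"\x01\x00"  # suites, null compression
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    offered = client_hello_suites(build_hello([0xC02F, 0x009C, 0x002F]))
    enabled = set(SUITES.values())
    for keys in (["RSA"], ["DSA"], []):
        print(keys, "->", negotiate(offered, enabled, keys))
```

With the constructed input, the overlapping suite lists negotiate only when the server side holds an RSA key; with a DSA-only or empty key set the result is None even though the enabled lists intersect.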
