Hi,

On Fri, June 2, 2023 9:17 am, Andre Lorbach wrote:
> Hi,
>
> There has been no change on nsd_ossl.c driver since January 2023, so I
> believe this is not related to the different rsyslog versions you are
> running.
> The warnings tell you that there is no client certificate configured, which
> can be ok but unusual in this setup. To get rid of them I would recommend
> configuring a client certificate as well.

I'm not using client-authentication, which is why there is no client cert.
Not sure why you consider it "unusual". But that's not the error I am
concerned about.

> Regarding the SSL_ERROR_SYSCALL, it indicates a lower system level error
> which is 104 in your case. 104 means "Connection Reset by peer", so most
> likely the server dropped the client during handshake for some reason.
> To tell more I would have to see debug log from the server.

I wonder if there was some middleware that was doing something? I used
"openssl s_client" to connect to the server and it worked, and shortly
thereafter rsyslog started working too. Strange, but still disconcerting.

Thanks,

-derek

> Best regards,
> Andre Lorbach
> --
> Adiscon GmbH
> Mozartstr. 21
> 97950 Großrinderfeld, Germany
> Ph. +49-9349-9298530
> Geschäftsführer/President: Rainer Gerhards
> Reg.-Gericht Mannheim, HRB 560610
> Ust.-IDNr.: DE 81 22 04 622
> Web: www.adiscon.com - Mail: i...@adiscon.com
>
> Information regarding your data privacy policy can be found here:
> https://www.adiscon.com/data-privacy-policy/
>
> This e-mail may contain confidential and/or privileged information. If you
> are not the intended recipient or have received this e-mail in error please
> notify the sender immediately and delete this e-mail. Any unauthorized
> copying, disclosure or distribution of the material in this e-mail is
> strictly forbidden.
>
>> -----Original Message-----
>> From: rsyslog <rsyslog-boun...@lists.adiscon.com> On Behalf Of Derek Atkins
>> via rsyslog
>> Sent: Thursday, 1 June 2023 14:45
>> To: rsyslog@lists.adiscon.com
>> Cc: Derek Atkins <de...@ihtfp.com>
>> Subject: [rsyslog] Omfwd OpenSSL TLS fails on 2023.04.0
>>
>> Hi,
>>
>> I've been using RSyslog to accumulate and aggregate messages in an
>> intermediary and then send them to another server. This intermediary runs
>> rsyslog with an Omfwd rule and uses OpenSSL to connect to the main server.
>> I've been running with this configuration for a while and it's been
>> working just fine for a while with the same configuration.
>>
>> I've got one intermediary running 8.2302.0 and it works just fine, but
>> another one that is running 8.2304.0 is failing with the following
>> repeating logs:
>>
>> May 31 16:12:51 DIA-SLHS rsyslogd: Warning: Certificate file is not set [v8.2304.0 try https://www.rsyslog.com/e/2330 ]
>> May 31 16:12:51 DIA-SLHS rsyslogd: Warning: Key file is not set [v8.2304.0 try https://www.rsyslog.com/e/2331 ]
>> May 31 16:12:51 DIA-SLHS rsyslogd: nsd_ossl: TLS Connection initiated with remote syslog server. [v8.2304.0]
>> May 31 16:12:51 DIA-SLHS rsyslogd: SSL_ERROR_SYSCALL Error in 'osslHandshakeCheck Client': 'error:00000005:lib(0):func(0):DH lib(5)' with ret=-1, errno=104, sslapi='SSL_do_handshake' [v8.2304.0]
>>
>> The rsyslog omfwd rule says:
>>
>> action(type="omfwd"
>>        protocol="tcp"
>>        StreamDriver="ossl"
>>        StreamDriverAuthMode="x509/certvalid"
>>        StreamDriverMode="1"
>>        StreamDriver.CAFile="/etc/ssl/certs/rsyslog_ca_cert.pem"
>>        target="<log server>"
>>        port="6514"
>>        gnutlsPriorityString="Protocol=ALL,-SSLv2,-SSLv3,-TLSv1
>> MinProtocol=TLSv1.2"
>>        template="<my template>"
>> )
>>
>> If it matters, I also have an input imtcp rule with openssl turned on, but
>> that appears to be working just fine and I'm getting data into the
>> intermediary.
>>
>> Is there some way to better debug why the omfwd is not working?
>>
>> Thanks,
>>
>> -derek
>>
>> --
>> Derek Atkins 617-623-3745
>> de...@ihtfp.com www.ihtfp.com
>> Computer and Internet Security Consultant
>>
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
>> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
>> LIKE THAT.
>

--
Derek Atkins 617-623-3745
de...@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
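The thread turns on one distinction: rsyslog's "SSL_ERROR_SYSCALL ... errno=104" means the TCP peer reset the connection while the handshake was in flight, which is a different failure from a TLS-level rejection (a non-TLS listener, or a server certificate the CAFile does not vouch for). The probe below makes that distinction explicit, the way a manual `openssl s_client` run would. It is an added example, not code from rsyslog or from anyone in this thread; it assumes Linux errno values, mirrors the TLS 1.2 floor and chain-only validation of the omfwd rule above, and constructs two throw-away loopback listeners (one that resets, one that answers with plain text) so it runs offline.

```python
"""Classify a failing TLS handshake to a syslog-over-TLS receiver.

Added example, not rsyslog code. Two constructed loopback peers exercise
the "connection reset during handshake" path (rsyslog's SSL_ERROR_SYSCALL
with errno=104) and the "TLS protocol error" path; errno values assume Linux.
"""
import errno
import socket
import ssl
import struct
import threading


def make_client_context(cafile=None):
    """Client settings mirroring the omfwd rule in the thread: TLS 1.2 as the
    floor and chain validation against a CA file. x509/certvalid validates the
    chain only, so hostname matching is left off here."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile:
        ctx.load_verify_locations(cafile)
    else:
        ctx.load_default_certs()
    return ctx


def probe_handshake(host, port, cafile=None, timeout=5.0):
    """Attempt one handshake and return a (category, detail) pair.

    Exception order matters: every ssl.SSLError is also an OSError, so the
    TLS-level classes are tested before the plain socket errors."""
    ctx = make_client_context(cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("ok", "%s %s" % (tls.version(), tls.cipher()[0]))
    except ssl.SSLCertVerificationError as exc:
        return ("tls-cert", str(exc))  # server cert not trusted by the CA file
    except ssl.SSLEOFError:
        return ("tls-eof", "peer closed cleanly during handshake")
    except ssl.SSLError as exc:
        return ("tls-protocol", exc.reason or str(exc))
    except ConnectionResetError as exc:
        # The rsyslog case: SSL_ERROR_SYSCALL with errno 104 (ECONNRESET).
        return ("syscall-reset", "errno=%d (%s)" % (exc.errno, errno.errorcode[exc.errno]))
    except OSError as exc:
        return ("syscall-other", "errno=%s %s" % (exc.errno, exc.strerror))


def serve_once(handler):
    """Start a loopback listener on an ephemeral port that hands exactly one
    accepted connection to `handler`; returns the port number."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(1)
    port = lsock.getsockname()[1]

    def run():
        conn, _ = lsock.accept()
        try:
            handler(conn)
        finally:
            conn.close()
            lsock.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def resetting_peer(conn):
    """Abort with a TCP RST, as a crashing server or an intercepting middlebox
    might: SO_LINGER with a zero timeout makes close() send RST instead of FIN."""
    conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    conn.close()


def non_tls_peer(conn):
    """Answer the ClientHello with plain text, as a listener without TLS
    enabled would; the client sees a TLS protocol error, not a reset."""
    conn.recv(4096)
    conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")


def demo():
    """Probe both constructed peers; returns {peer name: category}."""
    return {
        "reset": probe_handshake("127.0.0.1", serve_once(resetting_peer))[0],
        "non_tls": probe_handshake("127.0.0.1", serve_once(non_tls_peer))[0],
    }


if __name__ == "__main__":
    for name, category in demo().items():
        print(name, "->", category)
```

Against a real receiver the call is `probe_handshake("<log server>", 6514, cafile="/etc/ssl/certs/rsyslog_ca_cert.pem")`: a `syscall-reset` result points at the network path or the server process (a debug log on the server side, as Andre suggests, is the next step), while `tls-cert` or `tls-protocol` points at the TLS configuration on one of the two ends.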