Hi,

On Fri, June 2, 2023 10:07 am, Andre Lorbach wrote:
>> -----Original Message-----
>> From: Derek Atkins <de...@ihtfp.com>
>> Sent: Freitag, 2. Juni 2023 15:27
>> To: alorb...@adiscon.com
>> Cc: rsyslog-users <rsyslog@lists.adiscon.com>; Derek Atkins
>> <de...@ihtfp.com>
>> Subject: RE: [rsyslog] Omfwd OpenSSL TLS fails on 2023.04.0
>>
>>
>> I'm not using client-authentication, which is why there is no client
>> cert.
>> Not sure why you consider it "unusual". But that's not the error I am
>> concerned about.
>
> That is ok, but you will only have anon ciphers if you do not use a client
> side certificate.

Yes, I know -- but setting up the client certs would be an added overhead
to the system.

>> > Regarding the SSL_ERROR_SYSCALL, it indicates a lower system level
>> > error which is 104 in your case. 104 means "Connection Reset by peer",
>> > so most likely the server dropped the client during handshake for some
>> reason.
>> > To tell more I would have to see debug log from the server.
>>
>> I wonder if there was some middleware that was doing something? I used
>> "openssl s_client" to connect to the server and it worked, and shortly
>> thereafter rsyslog started working too.
>
> Indeed, that's odd. If it happens again, I would be interested in the
> server-side error logged at the same time.

Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: SSL_ERROR_SYSCALL Error in 'osslRecordRecv': 'error:00000005:lib(0):func(0):DH lib(5)' with ret=-1, errno=104, sslapi='SSL_read' [v8.2208.0]
Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: netstream session 0x7fe3f411f3b0 from <source> will be closed due to error [v8.2208.0]
Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: SSL_ERROR_SSL Error in 'osslEndSess': 'error:00000001:lib(0):func(0):reason(1)(1)' with ret=-1, errno=0, sslapi='SSL_shutdown' [v8.2208.0]
Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: nsd_ossl:OpenSSL Error Stack: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [v8.2208.0]
Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: nsd_ossl: TLS session terminated successfully to remote syslog server '<source>' with SSL Error '-1': End Session [v8.2208.0]

-derek

--
Derek Atkins 617-623-3745
de...@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
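
Added example (not part of the original message, and not rsyslog code): a small Python parser for the server-side lines quoted above. It reads errno only for SSL_ERROR_SYSCALL, as described in the thread, and treats the "shutdown while in init" stack entry as a session that ended before the handshake finished. The errno table assumes a Linux host; diagnose() and LINUX_ERRNO are names made up for this example.

```python
import re

# Server-side lines copied from the message above ('<source>' is as posted).
LOG = """\
Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: SSL_ERROR_SYSCALL Error in 'osslRecordRecv': 'error:00000005:lib(0):func(0):DH lib(5)' with ret=-1, errno=104, sslapi='SSL_read' [v8.2208.0]
Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: netstream session 0x7fe3f411f3b0 from <source> will be closed due to error [v8.2208.0]
Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: SSL_ERROR_SSL Error in 'osslEndSess': 'error:00000001:lib(0):func(0):reason(1)(1)' with ret=-1, errno=0, sslapi='SSL_shutdown' [v8.2208.0]
Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: nsd_ossl:OpenSSL Error Stack: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [v8.2208.0]
Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: nsd_ossl: TLS session terminated successfully to remote syslog server '<source>' with SSL Error '-1': End Session [v8.2208.0]
""".splitlines()

# Linux errno values for a dropped TCP connection (assumption: Linux host).
LINUX_ERRNO = {32: "EPIPE", 104: "ECONNRESET", 110: "ETIMEDOUT", 111: "ECONNREFUSED"}

SSL_ERR = re.compile(
    r"(?P<kind>SSL_ERROR_\w+) Error in '(?P<func>\w+)': '.*?' "
    r"with ret=-?\d+, errno=(?P<errno>\d+), sslapi='(?P<api>\w+)'")
STACK = re.compile(r"OpenSSL Error Stack: error:[0-9A-Fa-f]+:(?P<text>.*?) \[v")


def diagnose(lines):
    """Summarise why a TLS session ended, from rsyslogd OpenSSL error lines."""
    findings, in_handshake = [], False
    for line in lines:
        err = SSL_ERR.search(line)
        if err:
            code = int(err["errno"])
            # Only SSL_ERROR_SYSCALL reports an OS-level cause in errno.
            if err["kind"] == "SSL_ERROR_SYSCALL" and code:
                name = LINUX_ERRNO.get(code, "errno %d" % code)
                findings.append("%s in %s: %s" % (err["api"], err["func"], name))
            continue
        stack = STACK.search(line)
        # OpenSSL raises this reason when SSL_shutdown runs mid-handshake.
        if stack and "shutdown while in init" in stack["text"]:
            in_handshake = True
    if in_handshake:
        findings.append("session closed before the TLS handshake completed")
    return findings


if __name__ == "__main__":
    print("\n".join(diagnose(LOG)))
```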