> -----Original Message----- > From: Derek Atkins <de...@ihtfp.com> > Sent: Montag, 5. Juni 2023 14:00 > To: Rainer Gerhards <rgerha...@hq.adiscon.com> > Cc: rsyslog-users <rsyslog@lists.adiscon.com>; alorb...@adiscon.com; Derek > Atkins <de...@ihtfp.com> > Subject: Re: [rsyslog] Omfwd OpenSSL TLS fails on 2023.04.0 > > > >> Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: SSL_ERROR_SYSCALL Error in > >> 'osslRecordRecv': 'error:00000005:lib(0):func(0):DH lib(5)' with > >> ret=-1, errno=104, sslapi='SSL_read' [v8.2208.0] Jun 1 12:56:33 > >> ip-172-31-18-117 > >> rsyslogd: netstream session > >> 0x7fe3f411f3b0 from <source> will be closed due to error [v8.2208.0] > >> Jun > >> 1 > >> 12:56:33 ip-172-31-18-117 rsyslogd: SSL_ERROR_SSL Error in > >> 'osslEndSess': 'error:00000001:lib(0):func(0):reason(1)(1)' with > >> ret=-1, errno=0, sslapi='SSL_shutdown' [v8.2208.0] Jun 1 12:56:33 > >> ip-172-31-18- > >> 117 rsyslogd: nsd_ossl:OpenSSL Error Stack: > >> error:140E0197:SSL routines:SSL_shutdown:shutdown while in init > >> [v8.2208.0] Jun 1 12:56:33 ip-172-31-18-117 rsyslogd: nsd_ossl: TLS > >> session terminated successfully to remote syslog server '<source>' > >> with SSL Error > >> '-1': End Session [v8.2208.0] > > > > Is that from Server? I would expect an error about failed finding a > > shared cipher. That looks like a NON-TLS Connection attempt. > > > > Yes, this is from the Server. It might be the same underlying issue, > errno 104. > > Perhaps there was a firewall at the installation site that was blocking > packets?
104 means "Connection Reset by peer" which I would expect if the remote site closed the connection for some reason during TLS Handshake. Most likely because no Shared Cipher could be determined. IF you could run a client with debug logging enabled, and look for "osslPostHandshakeCheck" output, this would be helpful. Best regards, Andre Lorbach -- Adiscon GmbH Mozartstr. 21 97950 Großrinderfeld, Germany Ph. +49-9349-9298530 Geschäftsführer/President: Rainer Gerhards Reg.-Gericht Mannheim, HRB 560610 Ust.-IDNr.: DE 81 22 04 622 Web: www.adiscon.com - Mail: i...@adiscon.com Informations regarding your data privacy policy can be found here: https://www.adiscon.com/data-privacy-policy/ This e-mail may contain confidential and/or privileged information. If you are not the intended recipient or have received this e-mail in error please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
