Hi all.
I am using "'graylog2-plugin-input-httpmonitor"
(https://github.com/sivasamyk/graylog2-plugin-input-httpmonitor)
to recover JSON data from a HTTPS request.
The issue is that I am getting an " handshake_failure" when I am doing
an HTTPS request.
The same request works properly with all the browsers. The server accepts
only HTTPS
requests using the host name of the web app (not the IP). I believe that
there is a protocol
incompatibility between Graylog and the server.
I am doing the request.
i Tried to some configurations on the nginx.conf, like using different
ciphers and disabling some secure protocols but didn't manage to over pass
the problem.
I am not sure if it is any relevant but from some tests I did, the accepted
cipher suites are the following:
Cipher Suites (sorted by strength as the server has no preference;
deprecated and SSL 2 suites at the end)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH 571 bits (eq. 15360
bits RSA) FS 112
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 571 bits (eq. 15360 bits
RSA) FS 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 571 bits (eq. 15360
bits RSA) FS 128
Here is the trace from the ssldump:
New TCP connection #52: ip-10-69-21-73.ec2.internal(60370) <->
ec2-54-225-212-193.compute-1.amazonaws.com(443)
52 1 0.0035 (0.0035) C>S SSLv2 compatible client hello
Version 3.3
cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
SSL2_DES_64_CBC_WITH_MD5
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
SSL2_RC4_128_WITH_MD5
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
SSL2_DES_192_EDE3_CBC_WITH_MD5
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
SSL2_RC4_128_EXPORT40_WITH_MD5
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
52 2 0.0041 (0.0005) S>C Alert
level fatal
value handshake_failure
Thank you very much, I appreciate you help in advance.
Lefteris,
DevOps on RestComm.
http://www.restcomm.com/)
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/2acfb55e-46f9-47b3-80be-1836bf583657%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
