Thanks for the response, David. I was beginning to worry that no one was going to have any ideas.
The Solaris box is x86. I went in and loaded the supplied keys from the source package to make sure it wasn't a key issue and had the same problem. I then stood up another RHEL6 box (rsyslog 5.8.10-6) and I was able to successfully get them to talk over TLS. This rules out a server configuration error, and I tried to copy the client configuration as closely as I could. I also reversed the test and tried to send logs from the Linux box to the Solaris box, but again had issues. That was a different problem, but I can't recall the error off the top of my head since I don't have my notes in front of me.

I plan to try two more things (today, hopefully):

1) Stand up another Solaris 10 (x86) box and see if I can send TLS-encrypted messages from Solaris -> Solaris.
2) Pull down an rsyslog 6 package from EPEL for the RHEL box and see if that allows the Solaris system to play nice.

I don't know if I will get approval to update the package in production or not, but it is worth testing.

Thanks again, and let me know if you have any further ideas.

Chad

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of David Lang
Sent: Thursday, August 01, 2013 3:21 AM
To: rsyslog-users
Subject: Re: [rsyslog] Rsyslog with TLS woes

This is an area I don't know much about. Rainer is on vacation for several weeks; hopefully Andre can take a look at this.

Is the Solaris system on Sparc or x86? If it's Sparc, I'd be very suspicious of an endian-related bug.

If it was possible for you to do a quick test between a Sparc and x86 Solaris box to see if that works or not, it would be interesting (if that fails, same version on each, just the architecture difference, I would bet heavily on an endian bug).

David Lang

On Tue, 30 Jul 2013, Truhn, Chad M CTR NSWCDD, CXA30 wrote:

> Date: Tue, 30 Jul 2013 11:26:52 -0400
> From: "Truhn, Chad M CTR NSWCDD, CXA30" <[email protected]>
> Reply-To: rsyslog-users <[email protected]>
> To: [email protected]
> Subject: [rsyslog] Rsyslog with TLS woes
>
> Hello All,
>
> I am trying to get rsyslog working with TLS and I am having some issues.
> I am running a Red Hat 6 server (rsyslog 5.8.10-6) and a Solaris 11 client (rsyslog 6.2.0), both in -c5 compatibility mode. I have verified that I can send data unencrypted between these two machines, but when I enable TLS I get:
>
> rsyslogd: netstream session 0x7f938c01ad20 will be closed due to error [try http://www.rsyslog.com/e/2078 ]
>
> I followed the guide at http://www.rsyslog.com/doc/rsyslog_secure_tls.html to get all of my certificates and keys set up. I have tried re-creating the certs again to make sure I don't have a typo and got the same results.
>
> I then ran the rsyslogd process in debug mode to try to get more information and this is what I get:
>
> From the server (logserver):
> unexpected GnuTLS error -9 in nsd_gtls.c:519: A TLS packet with unexpected length was received.
>
> From the client (sol11):
> unexpected GnuTLS error -24 in /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c:1628: Decryption has failed.
>
> The applicable lines in my config files are:
>
> Server:
> $DefaultNetstreamDriver gtls
>
> $DefaultNetstreamDriverCAFile /certs/ca.pem
> $DefaultNetstreamDriverCertFile /certs/logserver-cert.pem
> $DefaultNetstreamDriverKeyFile /certs/logserver-key.pem
>
> $InputTCPServerStreamDriverAuthMode x509/name
> $InputTCPServerStreamDriverPermittedPeer *.mydomain
> $InputTCPServerStreamDriverMode 1
> $InputTCPServerRun 514
>
>
> Client:
> # make gtls driver the default
> $DefaultNetstreamDriver gtls
>
> # certificate files
> $DefaultNetstreamDriverCAFile /certs/ca.pem
> $DefaultNetstreamDriverCertFile /certs/sol11-cert.pem
> $DefaultNetstreamDriverKeyFile /certs/sol11-key.pem
>
> $ActionSendStreamDriverAuthMode x509/name
> $ActionSendStreamDriverPermittedPeer *.mydomain
> $ActionSendStreamDriverMode 1 # run driver in TLS-only mode
>
> *.* @@logserver:514
>
>
> Any ideas as to what I might be doing wrong? I can send along my full config files or debug log if needed, but I didn't want to make this message too long. I am also fairly stuck on what versions of rsyslog I can run (must be supplied by vendor, RedHat/Oracle), but if this is a bug in one of the versions or an issue with the version mismatch between client and server I may be able to convince the right people to update the minor revisions.
>
>
> Thanks in advance!
>
>
> Thank you,
>
> Chad Truhn
>
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
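Both configs in the thread use x509/name authentication with a PermittedPeer of *.mydomain, which means each side accepts the other only if a name in the peer's certificate (rsyslog reads the dNSName subject alternative names and the CN) matches that pattern. The following is an added example written for this page, not rsyslog's own implementation: it shows how such a wildcard is evaluated label by label, so "*" never spans a dot, and contrasts that with a naive suffix match. Per-label matching is this example's approximation of rsyslog's PermittedPeer handling, case-folding is this example's choice, and the function names and the cert_names list are hypothetical stand-ins for what the TLS driver extracts from the peer certificate.

```python
"""Added example (not rsyslog code): x509/name PermittedPeer wildcard checks.

Assumptions: per-label matching approximates rsyslog's PermittedPeer
wildcard handling; names are compared case-insensitively because DNS
names are case-insensitive.  cert_names stands in for the dNSName SANs
plus CN that the TLS driver would pull out of the peer certificate.
"""

from __future__ import annotations

import fnmatch


def label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label against one pattern label.

    '*' alone matches any label; a leading or trailing '*' matches a
    suffix/prefix of the label; anything else must match exactly.
    """
    pattern, label = pattern.lower(), label.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*"):
        return label.endswith(pattern[1:])
    if pattern.endswith("*"):
        return label.startswith(pattern[:-1])
    return pattern == label


def peer_name_permitted(pattern: str, name: str) -> bool:
    """True if one certificate name satisfies the permitted-peer pattern.

    Pattern and name are split on '.' and compared label by label, so a
    wildcard can never cross a dot: "*.mydomain" accepts "sol11.mydomain"
    but rejects "mydomain" itself and "a.b.mydomain".
    """
    p_labels = pattern.split(".")
    n_labels = name.split(".")
    if len(p_labels) != len(n_labels):
        return False
    return all(label_matches(p, n) for p, n in zip(p_labels, n_labels))


def naive_suffix_permitted(pattern: str, name: str) -> bool:
    """The weaker check one might write by hand, where '*' is a plain glob
    and therefore matches across dots.  Shown only for contrast."""
    return fnmatch.fnmatchcase(name.lower(), pattern.lower())


def authorise_peer(permitted: list[str], cert_names: list[str]) -> str | None:
    """Return the first certificate name accepted by any permitted-peer
    pattern, or None when the peer must be rejected.  In x509/name mode a
    handshake with no matching name is refused, on both the receiving
    server (client cert) and the sending client (server cert)."""
    for name in cert_names:
        for pattern in permitted:
            if peer_name_permitted(pattern, name):
                return name
    return None


if __name__ == "__main__":
    # Constructed sample names, not taken from any real certificate.
    permitted = ["*.mydomain"]
    for names in (["sol11.mydomain"], ["logserver.mydomain"],
                  ["mydomain"], ["a.b.mydomain"], ["sol11.otherdomain"]):
        print(names, "->", authorise_peer(permitted, names))
```

When a handshake fails under x509/name, this is the check to reason about after the certificate chain itself verifies: a client whose certificate only carries a bare hostname such as "sol11" (no domain part) would be refused by "*.mydomain" even though its certificate is perfectly valid, and in that case the fix is the certificate name or the PermittedPeer list, not the TLS library.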