Disabling TLSv1, TLSv1.1 in logstash tcp input is not working in Logstash 6.8.23 #206
Comments
epadmav
changed the title
epadmav
changed the title
|
Any updates on this? Looking for a lowest supported version of the TCP plugin that supports the TLS restriction. Thanks. |
12 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In Logstash 6.8.23 , we have followed the below-mentioned approaches to disable TLSv1, TLSv1.1.
1)Modified /usr/java/jdk1.8.0_231-amd64/jre/lib/security/java.security with the below content:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1 keySize < 2048,
RC4, DES, MD5withRSA, DH keySize < 1024,
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
Still TLSv1, TLSv1.1 is not disabled.
2)Tried disabling TLSv1, TLSv1.1 through custom security configuration setup by following the below steps:
a) Created a directory jvm.options.d in /etc/logstash/conf.d
b) Created a file java.security.options in /etc/logstash/conf.d/jvm.options.d
c) Appended the below content in /etc/logstash/conf.d/jvm.options.d/java.security.options
-Djava.security.properties=/etc/logstash/es.java.security
d) Created a file es.java.security in /etc/logstash directory
e) Added the below content in es.java.security file
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA,
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
This approach is also not working in logstash 6.8.23 version. Could you please let me know if any other configuration changes need to be done or if there is any alternate approach to disable TLSv1,TLSv1.1 in logstash 6.8.23 version? Thanks in Advance
The text was updated successfully, but these errors were encountered: