Closed alokdnb closed 3 years ago
The code that handles it is here: https://github.com/driskell/ruby-log-courier/blob/master/lib/log-courier/server_tcp.rb I don't know when I will gain time to look at it, but hopefully it will guide you where to look if you need to patch something. I will try to find some time soon, as it's definitely a requirement to enforce 1.2.
Might be as simple as adding this line:
ssl.ssl_version = :TLSv1_2
before or after line 99:
ssl.set_params
I have updated this and it will now also output the TLS version to logs so it can be verified if needed. Also added protocol handshake support so it will output name and version of connected remotes. Will do some testing in the next week or two and do a release to rubygems.
Option is called min_tls_version and can be set to what's needed. It defaults to 1.2.
Released as logstash-input-courier-2.7.2
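An added example, not code from the plugin or from anyone in this thread: it contrasts the one-line suggestion above (`ssl_version = :TLSv1_2`, which pins the server to exactly TLS 1.2) with a version floor set through Ruby OpenSSL's `SSLContext#min_version=`, and reads back the negotiated version so it can be logged. The helper names (`demo_identity`, `server_context`, `negotiate`) and the throwaway certificate are assumptions made for the demo; `min_version=` here is the Ruby OpenSSL setter, not the plugin's `min_tls_version` option.

```ruby
require 'openssl'
require 'socket'

# Constructed throwaway self-signed certificate so the example runs offline.
def demo_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=localhost')
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Hypothetical helper: server context; the block chooses pin or floor.
def server_context(cert, key)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = cert, key
  yield ctx
  ctx
end

# One loopback handshake; returns the version the server negotiated, or :rejected.
def negotiate(server_ctx, client_max: nil)
  listener = TCPServer.new('127.0.0.1', 0)
  server = Thread.new do
    ssl = OpenSSL::SSL::SSLSocket.new(listener.accept, server_ctx)
    begin
      ssl.accept
      ssl.ssl_version              # negotiated protocol, suitable for a log line
    rescue OpenSSL::SSL::SSLError, SystemCallError, IOError
      :rejected
    end
  end
  sock = TCPSocket.new('127.0.0.1', listener.addr[1])
  begin
    cctx = OpenSSL::SSL::SSLContext.new
    cctx.verify_mode = OpenSSL::SSL::VERIFY_NONE   # demo cert is self-signed
    cctx.max_version = client_max if client_max
    OpenSSL::SSL::SSLSocket.new(sock, cctx).connect
  rescue OpenSSL::SSL::SSLError, SystemCallError
    sock.close                     # make sure the server side sees the failure
  end
  server.value                     # wait for the server before closing the client
ensure
  sock.close if sock && !sock.closed?
  listener&.close
end
```

With the floor, a client capped at TLS 1.1 is rejected while newer clients may still negotiate TLS 1.3; with the pin, every accepted connection is TLS 1.2.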
It seems the default Log Courier settings allow TLSv1. We wanted to disable TLSv1.1 and TLSv1. Can you suggest a good way to disable them? I don't see any setting in there.
The current settings we have are:
input {
  courier {
    port => 5001
    ssl_certificate => "/etc/coupa/logstash/indexer.pem"
    ssl_key => "/etc/coupa/logstash/indexer.key"