elastic / logstash-forwarder

An experiment to cut logs in preparation for processing elsewhere. Replaced by Filebeat: https://github.com/elastic/beats/tree/master/filebeat

Failed tls Handshake, EOF #495

Open fechnert opened 9 years ago

fechnert commented 9 years ago

logstash-forwarder throws this error after starting with valid and signed certificates:

2015/07/28 11:32:31.299607 Loading client ssl certificate: /root/CA/minion2-pub.pem and /root/CA/minion2-key.pem
2015/07/28 11:32:32.221653 Connecting to [xxx.xxx.xxx.xxx]:12345 (salt-minion-1.it.domain.org) 
2015/07/28 11:32:32.813255 Failed to tls handshake with xxx.xxx.xxx.xxx EOF

Other issues say that they are not using IP SANs. But I'm using hostnames, so that shouldn't be a problem. The certificates are signed by my own CA, but the CA's certificate is imported and loaded in the sender's server.

smashwilson commented 9 years ago

I'm seeing this as well.

Are you using the official logstash image from DockerHub on the receiving end, by any chance? I was able to replicate this locally when logstash is running in docker, but if I run logstash directly, instead, the connection succeeds. I suspect it has something to do with openssl within that container.

smashwilson commented 9 years ago

Actually, pinning the docker image to 1.5.2 instead seems to work, too:

docker run --name=logstash -d \
  -v ${PWD}/conf:/conf:ro \
  -v ${PWD}/certificates:/certificates:ro \
  -p 5000:5000 \
  logstash:1.5.2 \
  logstash -f /conf/logstash.conf --debug

ph commented 9 years ago

I am working on fixing this, see the discussion here: https://github.com/elastic/logstash/issues/3657. We will release a 1.5.4 version shortly.

ph commented 9 years ago

Would you mind trying it with logstash 1.5.4 if you still see this issue?

fechnert commented 9 years ago

I will try this if I have some time, but I'm already working on an ELK stack.

AlexB030 commented 9 years ago

As far as I am concerned, the problem is still existent with version 1.5.4... tried it out right now

AlexB030 commented 9 years ago

Hmm ok, as stated in this post (https://github.com/elastic/logstash/issues/3657) removing the lines "ssl certificate" and "ssl key" in your lsf config file does the trick.