search

elastic / logstash

Logstash - transport and process your logs, events, or other data
https://www.elastic.co/products/logstash
Other
14.18k stars 3.49k forks source link

Add support for TLS/SSL certificate revocations #11602

Open VimCommando opened 4 years ago

VimCommando commented 4 years ago

As it stands today Logstash does not check if a certificate has been revoked. This means if a certificate has been compromised, the entire trust chain may need to be replaced. To simplify the security response, honoring a Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP) will be an enormous help.

JRuby's SSL libraries already supports this: https://github.com/jruby/jruby-openssl/pull/124

crizbe commented 4 years ago

+1 I really look for this feature

cskowronnek commented 4 years ago

+1 we would need this too as this is often a requirement in enterprise environments

cmer86 commented 2 years ago

+1 we are wondering if there is any progress here?

cstegm commented 1 year ago

+1 we are wondering if there is any progress here? Can someone add the security label here?

dmuensterer commented 1 year ago

+1 this would be a great (almost necessary) feature

makefu commented 10 months ago

+1 it is otherwise very hard to argument about the effective use of Logstash for TLS

32bitbradley commented 7 months ago

+1