Unable to use authenticated encryption methods

Unfortunately, Ruby's OpenSSL plugin as shipped with v0.1.4 doesn't support any authenticated encryption algorithms, so it's impossible to tell if anyone tampered with my data after encryption. This is the output from Ruby:

> require 'openssl'
> puts OpenSSL::Cipher.ciphers
AES-128
aes-128
AES-128-CBC
aes-128-cbc
AES-128-CFB
aes-128-cfb
AES-128-CFB1
aes-128-cfb1
AES-128-CFB8
aes-128-cfb8
AES-128-ECB
aes-128-ecb
AES-128-OFB
aes-128-ofb
AES-192
aes-192
AES-192-CBC
aes-192-cbc
AES-192-CFB
aes-192-cfb
AES-192-CFB1
aes-192-cfb1
AES-192-CFB8
aes-192-cfb8                                                                                                
AES-192-ECB
aes-192-ecb
AES-192-OFB
aes-192-ofb
AES-256
aes-256
AES-256-CBC
aes-256-cbc
AES-256-CFB
aes-256-cfb
AES-256-CFB1
aes-256-cfb1
AES-256-CFB8
aes-256-cfb8
AES-256-ECB
aes-256-ecb
AES-256-OFB
aes-256-ofb
BF
bf
BF-CBC
bf-cbc
BF-CFB
bf-cfb
BF-CFB1
bf-cfb1
BF-CFB8
bf-cfb8
BF-ECB
bf-ecb
BF-OFB
bf-ofb
DES
des
DES-CBC
des-cbc
DES-CFB
des-cfb
DES-CFB1
des-cfb1
DES-CFB8
des-cfb8
DES-ECB
des-ecb
DES-OFB
des-ofb
DES-EDE
des-ede
DES-EDE-CBC
des-ede-cbc
DES-EDE-CFB
des-ede3-cfb
DES-EDE3-CFB1
des-ede3-cfb1
DES-EDE3-CFB8
des-ede3-cfb8
DES-EDE3-ECB
des-ede3-ecb
DES-EDE3-OFB
des-ede3-ofb
RC2
rc2
RC2-CBC
rc2-cbc
RC2-CFB
rc2-cfb
RC2-CFB1
rc2-cfb1
RC2-CFB8
rc2-cfb8
RC2-ECB
rc2-ecb
RC2-OFB
rc2-ofb
CAST5
cast5
CAST5-CBC
cast5-cbc
CAST5-CFB
cast5-cfb
CAST5-CFB1
cast5-cfb1
CAST5-CFB8
cast5-cfb8
CAST5-ECB
cast5-ecb
CAST5-OFB
cast5-ofb
BLOWFISH
blowfish
RC2-40-CBC
rc2-40-cbc
RC2-64-CBC
rc2-64-cbc
RC4
rc4
RC4-40
rc4-40
CAST
cast
CAST-CBC
cast-cbc

This is only a limited subset of what OpenSSL actually supports underneath the hood. It seems that the Ruby OpenSSL library isn't too recent. By upgrading the Ruby OpenSSL binding, we'd also be able to use authenticated ciphers like AES-{128,192.256}-GCM. On Ubuntu 14.04 if I just run the following, here's what I see that OpenSSL natively supports:

$ openssl ciphers | tr ":" "\n"
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
SRP-DSS-AES-256-CBC-SHA
SRP-RSA-AES-256-CBC-SHA
DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-DSS-CAMELLIA256-SHA
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
CAMELLIA256-SHA
PSK-AES256-CBC-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-ECDSA-DES-CBC3-SHA
SRP-DSS-3DES-EDE-CBC-SHA
SRP-RSA-3DES-EDE-CBC-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
ECDH-RSA-DES-CBC3-SHA
ECDH-ECDSA-DES-CBC3-SHA
DES-CBC3-SHA
PSK-3DES-EDE-CBC-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
SRP-DSS-AES-128-CBC-SHA
SRP-RSA-AES-128-CBC-SHA
DHE-DSS-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
DHE-RSA-SEED-SHA
DHE-DSS-SEED-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-DSS-CAMELLIA128-SHA
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
SEED-SHA
CAMELLIA128-SHA
PSK-AES128-CBC-SHA
ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA
ECDH-RSA-RC4-SHA
ECDH-ECDSA-RC4-SHA
RC4-SHA
RC4-MD5
PSK-RC4-SHA
EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC4-MD5

AES-256-GCM is listed as being supported, but it's unavailable within the the cipher filter, possibly due to an old Ruby OpenSSL bindings library.

logstash-plugins / logstash-filter-cipher

Unable to use authenticated encryption methods #5