Feat: ssl_supported_protocols (TLSv1.3) + ssl_cipher_suites

kares commented 2 years ago

The intent here is to officially support TLS 1.3 with an option to limit the protocol (both in server/client mode) with:

ssl_supported_protocols => TLSv1.3

As well as being able to limit the TLS cipher suites used between client and server using:

ssl_cipher_suites => [ ... ]

Unfortunately to be able to support the feature a recent version of JRuby-OpenSSL is required and since the gem version is locked in 7.x and 8.0 versions we need to play some clever tricks to disable the >= 0.12.2 requirement -> tests than feature detect the version available and adjust accordingly.

kares commented 2 years ago

@yaauie the plugin is updated to require LS >= 8.1 (which already has jruby-openssl 0.12.2) this means we no longer need special checks for Java 8 (due TLSv1.3 support) thus all of the code has been removed.

AnandhkumarG commented 2 years ago

Hi , Does this feature require Logstash 8.1.x as minimum? WIll this feature work in 7.17.x for example. Please let know if there is a compatiibility matrix for plugins versions-LS versions. Thanks in advance

logstash-plugins / logstash-input-tcp

Feat: ssl_supported_protocols (TLSv1.3) + ssl_cipher_suites #198