Open omers opened 8 months ago
Hi @omers !
Thanks for filing this. Are you using a load balancer in front of Vector? If so, could you provide more details about its configuration? I tried to reproduce this locally, but wasn't able to reproduce Vector not serving TLS.
Could you also try:
openssl s_client -connect ****.****.com
and provide the output;
curl -v https://****.****.com
and provide the output; and
curl https://localhost
from the host running Vector and see if that works.
Hi! Sorry for the late response. There is no LB between the client and the process.
This is the output of the openssl s_client:
0050C8D801000000:error:0A000410:SSL routines:ssl3_read_bytes:ssl/tls alert handshake failure:ssl/record/rec_layer_s3.c:861:SSL alert number 40
The curl output:
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS alert, handshake failure (552):
* LibreSSL/3.3.6: error:1401E410:SSL routines:CONNECT_CR_FINISHED:sslv3 alert handshake failure
* Closing connection
curl: (35) LibreSSL/3.3.6: error:1401E410:SSL routines:CONNECT_CR_FINISHED:sslv3 alert handshake failure
The output from localhost:
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
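A note on reading the curl transcript above (added by the editor, not part of the thread). The server completes its own side of the handshake (ServerHello, Certificate, ServerKeyExchange, ServerHelloDone), so the port is serving TLS; the plain-HTTP attempt being reset and openssl's "SSL alert number 40" are consistent with that. The server also sends a CertificateRequest (13), and the fatal handshake_failure alert arrives only after curl's own Certificate (11) message. Under RFC 5246 that is the sequence a server produces when it requires client authentication and the client presents no certificate (curl without --cert sends an empty certificate list), or one it does not trust. Note that --insecure only relaxes verification of the server's certificate, so it cannot change this outcome. Whether the deployment in the thread actually enables client certificate verification on the aws_kinesis_firehose source is an assumption; the configuration is not shown, and that is the first thing to check. The script below is an added example, not Vector project code: it parses a curl -v transcript and classifies where the handshake broke. The decoding of curl's alert value as (level << 8) | description (552 = fatal, 40) follows curl's OpenSSL trace callback. The sample transcript is the curl output posted above, embedded as a constant so the script runs offline.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Matches one record line of `curl -v` output, e.g.
#   "* TLSv1.2 (IN), TLS handshake, Request CERT (13):"
# Some curl builds print the protocol version as a bare number such as "(304)"
# instead of "TLSv1.3"; both forms are accepted.
RECORD_RE = re.compile(
    r"^\* (?:TLSv1\.[0-3]|\(\d+\)) \((?P<dir>IN|OUT)\), "
    r"TLS (?P<layer>handshake|alert|change cipher), (?P<name>.+?) \((?P<code>\d+)\):$"
)

# TLS 1.2 handshake message types (RFC 5246, section 7.4) and alert description
SERVER_HELLO = 2
CERTIFICATE = 11
CERTIFICATE_REQUEST = 13
HANDSHAKE_FAILURE = 40


@dataclass
class Record:
    direction: str  # "IN" = sent by the server, "OUT" = sent by curl
    layer: str      # "handshake", "alert" or "change cipher"
    name: str
    code: int       # handshake type, or curl's packed alert value


def parse_transcript(text: str) -> list[Record]:
    """Extract the TLS record lines from a curl -v transcript, in order."""
    out = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            out.append(Record(m["dir"], m["layer"], m["name"], int(m["code"])))
    return out


def decode_curl_alert(code: int) -> tuple[int, int]:
    """curl prints an alert as (level << 8) | description; 552 -> (2, 40)."""
    return code >> 8, code & 0xFF


def classify(records: list[Record]) -> tuple[str, str]:
    """Map the record sequence to a verdict and a one-line explanation."""
    def first(pred) -> Optional[int]:
        return next((i for i, r in enumerate(records) if pred(r)), None)

    if not records:
        return ("no_tls_records",
                "no TLS records in the transcript: curl was not run with -v, "
                "or the port is not speaking TLS at all (e.g. connection reset)")
    fail = first(lambda r: r.direction == "IN" and r.layer == "alert"
                 and decode_curl_alert(r.code)[1] == HANDSHAKE_FAILURE)
    if fail is None:
        return "no_handshake_failure", "server sent no handshake_failure alert"
    hello = first(lambda r: r.direction == "IN" and r.layer == "handshake"
                  and r.code == SERVER_HELLO)
    if hello is None or fail < hello:
        return ("client_hello_rejected",
                "server aborted before ServerHello: no shared protocol version or "
                "cipher suite, or the SNI name matched no certificate")
    cert_req = first(lambda r: r.direction == "IN" and r.layer == "handshake"
                     and r.code == CERTIFICATE_REQUEST)
    client_cert = first(lambda r: r.direction == "OUT" and r.layer == "handshake"
                        and r.code == CERTIFICATE)
    if cert_req is not None and client_cert is not None and fail > client_cert:
        return ("client_cert_rejected",
                "server sent CertificateRequest and aborted after curl's Certificate "
                "message: mutual TLS is required and curl offered no (or an untrusted) "
                "client certificate; --insecure does not help, it only relaxes "
                "verification of the server's certificate")
    return "handshake_failure_other", "handshake_failure after ServerHello for another reason"


# Constructed sample input: the curl -v lines posted in the thread above.
THREAD_TRANSCRIPT = """\
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS alert, handshake failure (552):
* Closing connection
"""

if __name__ == "__main__":
    verdict, why = classify(parse_transcript(THREAD_TRANSCRIPT))
    print(verdict, "-", why)
```

Pipe any `curl -v https://host 2>&1` output into `parse_transcript` to triage it the same way; if the verdict is client_cert_rejected, retry with `curl --cert client.pem --key client.key` against the CA the server trusts before suspecting the server certificate or a load balancer.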
Thanks @omers ! Those errors may indicate that the certificate isn't valid for the hostname being used. Could you try curl --insecure to see if curl is able to make the request without requiring the certificate to be valid?
curl --insecure https://***-***.*****.com
curl: (35) LibreSSL/3.3.6: error:1401E410:SSL routines:CONNECT_CR_FINISHED:sslv3 alert handshake failure
Hmm, that's odd. Is it serving TLS at all? Does curl http://...:443 work?
curl http://****.***-***.com:443
curl: (56) Recv failure: Connection reset by peer
Hmm. I'm not sure what's going on here then. Do you have a load balancer in the middle that could be misconfigured?
No load balancer, EC2 instance publicly exposed to 443 port.
Gotcha, I'm not sure then. I unfortunately haven't been able to reproduce this behavior locally; the aws_kinesis_firehose source served TLS traffic fine :/
Problem
I'm setting up an instance with aws_kinesis_firehose as a source. I configured the tls settings with a valid certificate. When setting up the Kinesis Firehose to the HTTP endpoint, it fails to connect due to an SSL communication error.
I tried to use curl too, and got the following error:
Configuration
Version
vector 0.35.0 (x86_64-unknown-linux-gnu e57c0c0 2024-01-08 14:42:10.103908779)
Debug Output
Example Data
No response
Additional Context
No response
References
No response