TLS Input created

Hello-

I’ve created a few inputs but one I created specifically for SentinelOne. The only message I get back from the log is:

“ERROR [AbstractTcpTransport] Error in Input [Syslog TCP/5e9897802db02f17c22436e5] (channel [id: 0x20c43645, L:/x.x.x.x:6514 ! R:/x.x.x.x:29069]) (cause io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000070:SSL routines:OPENSSL_internal:BAD_PACKET_LENGTH)”

I’m not sure why I am getting this when other inputs work fine. It seems the error doesn’t reveal enough information. I have the website set up with https and that certificate works fine for the site but throws the BAD_PACKET_LENGTH error on this input. The certificate that is currently applied has no password, but I’ve tried one with and without a password and both throw the same error message in the log.

Check the openssl and java versions running on your graylog server, and whether they support the type of TLS certificate. What type of certificate do you use? RSA or some Elliptic ciphers?

I’m using an RSA certificate. About a month ago, I thought there was an issue with the Graylog server so I completely rebuilt it on a different OS. I’m still getting the same error “BAD_PACKET_LENGTH”. I know the certificates I have work because they work over https and over other inputs fine.

Check your certificate length:

openssl x509 -in certificate.crt -text -noout | grep "Public-Key"

RSA Public-Key: (2048 bit)

Yes the input cert is 2048.
root@saegraylog:/etc/graylog/server# openssl x509 -in graylog.pem -text -noout | grep "RSA"
Signature Algorithm: sha256WithRSAEncryption
RSA Public-Key: (2048 bit)
Signature Algorithm: sha256WithRSAEncryption
