TLS problem after Upgrade to Graylog 4.1

After upgrade to Graylog 4.1 I see in the server.log file this:

2021-06-24T12:33:57.395+02:00 ERROR [Messages] Caught exception during bulk indexing: Received fatal alert: handshake_failure, retrying (attempt #9).

And in the Elasticsearch log I see this:

[2021-06-24T12:42:22,381][WARN ][o.e.h.n.Netty4HttpServerTransport] [shspfli23626251] caught exception while handling client http traffic, closing connection [id: 0x0d0b144b, L: ! R:/]
io.netty.handler.codec.DecoderException: no cipher suites in common
Was there a change in the default cipher suite??

Connection to Elasticsearch is therefore broken.

ES ist version 6.8.15
Graylog is version 4.1.0
Java is:
openjdk version “1.8.0_232”
OpenJDK Runtime Environment (IcedTea 3.14.0) (build 1.8.0_232-b08 suse-27.38.1-x86_64)
OpenJDK 64-Bit Server VM (build 25.232-b09, mixed mode)

MongoDB is 4.2.13

What to do?

Thanks in advance,

Dietmar Schurr


I might be able to help.

I found some advice with that error.

Not knowing you completed environment the best I can do right now is offer some suggestion
Hope that helps

Hello gsmith,

thanks for your hint. But it looks like there is a problem with the cipher suites. The log says “no cipher suites in common”.
Nothing was changed, except the upgrade form 4.0.8 to 4.1. Elasticsearch and Java is the same as before.
So I would assume that there was a change in 4.1 which disables some “cipher suites”.
I don’t know how to force specifice cipher suites in Graylog, Elasticsearch or Java in general. May be this could help.

Dietmar Schurr

Hi @schurd ,

there are changes regarding cipher suites:

We are experiencing problems as well connecting to our ldap system.


1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.