After upgrade to Graylog 4.1 I see in the server.log file this:
2021-06-24T12:33:57.395+02:00 ERROR [Messages] Caught exception during bulk indexing: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure, retrying (attempt #9).
And in the Elasticsearch log I see this:
[2021-06-24T12:42:22,381][WARN ][o.e.h.n.Netty4HttpServerTransport] [shspfli23626251] caught exception while handling client http traffic, closing connection [id: 0x0d0b144b, L:0.0.0.0/0.0.0.0:9200 ! R:/10.5.0.164:60374]
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: no cipher suites in common
Was there a change in the default cipher suite??
Connection to Elasticsearch is therefore broken.
ES ist version 6.8.15
Graylog is version 4.1.0
Java is:
openjdk version “1.8.0_232”
OpenJDK Runtime Environment (IcedTea 3.14.0) (build 1.8.0_232-b08 suse-27.38.1-x86_64)
OpenJDK 64-Bit Server VM (build 25.232-b09, mixed mode)
thanks for your hint. But it looks like there is a problem with the cipher suites. The log says “no cipher suites in common”.
Nothing was changed, except the upgrade form 4.0.8 to 4.1. Elasticsearch and Java is the same as before.
So I would assume that there was a change in 4.1 which disables some “cipher suites”.
I don’t know how to force specifice cipher suites in Graylog, Elasticsearch or Java in general. May be this could help.
Regards,
