Upgrade to 3.2.2 breaks input

romgo · February 24, 2020, 4:19pm

Hi,

I just upgraded to graylog server from 3.0.2-1 to 3.2.2.
I restarted the server, and now the beats input isn’t working anymore :

2020-02-24T17:17:19.871+01:00 WARN  [ChannelInitializer] Failed to initialize a channel. Closing: [id: 0x1920999d, L:/10.144.102.68:5044 - R:/10.144.117.45:36846]
java.lang.IllegalArgumentException: TLSv1.3
        at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187) ~[?:1.8.0_242]
        at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84) ~[?:1.8.0_242]
        at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52) ~[?:1.8.0_242]
        at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2070) ~[?:1.8.0_242]
        at io.netty.handler.ssl.JdkSslContext.configureAndWrapEngine(JdkSslContext.java:341) ~[graylog.jar:?]
        at io.netty.handler.ssl.JdkSslContext.newEngine(JdkSslContext.java:330) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$3.createSslEngine(AbstractTcpTransport.java:338) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$3.call(AbstractTcpTransport.java:305) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$3.call(AbstractTcpTransport.java:301) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.NettyTransport$1.initChannel(NettyTransport.java:105) ~[graylog.jar:?]
        at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:129) [graylog.jar:?]
        at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:112) [graylog.jar:?]
        at io.netty.channel.AbstractChannelHandlerContext.callHandlerAdded(AbstractChannelHandlerContext.java:956) [graylog.jar:?]
        at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:609) [graylog.jar:?]
        at io.netty.channel.DefaultChannelPipeline.access$100(DefaultChannelPipeline.java:46) [graylog.jar:?]
        at io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1463) [graylog.jar:?]
        at io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1115) [graylog.jar:?]
        at io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:650) [graylog.jar:?]
        at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:502) [graylog.jar:?]
        at io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:417) [graylog.jar:?]
        at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:474) [graylog.jar:?]
        at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164) [graylog.jar:?]
        at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472) [graylog.jar:?]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:500) [graylog.jar:?]
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [graylog.jar:?]
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [graylog.jar:?]
        at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:181) [graylog.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_242]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_242]
        at com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_242]

Is ther any way to fix this ?

thanks

Ponet · February 24, 2020, 5:54pm

Do you have the enabled_tls_protocols option set in your server.conf?

https://docs.graylog.org/en/latest/pages/upgrade/graylog-3.2.html#configuration-file-changes

https://docs.graylog.org/en/latest/pages/configuration/server.conf.html#server-conf

romgo · February 24, 2020, 7:18pm

Hi @Ponet

indeed this waht I missed in the documentation.
Setting to TLSv1.2 fixed the isssue.

Many thanks

mpfz0r · February 25, 2020, 9:14am

@romgo
Weird, I thought I’ve tested this.
Which jdk version are you using? did you change the transport_netty_tls_provider setting?

Thanks

romgo · February 25, 2020, 9:39am

Hi,

I do use :

# java -version
openjdk version "1.8.0_242"
OpenJDK Runtime Environment (build 1.8.0_242-8u242-b08-1~deb9u1-b08)
OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)

I didn’t change transport_netty_tls_provider option.
To make it work I had to set enabled_tls_protocols = TLSv1.2 into server.conf

Hope this help.

Thanks

mpfz0r · February 25, 2020, 10:15am

Hmm,
I guess this is because you’re running Debian 9

Do you see any errors about libnetty in your server.log?

romgo · February 25, 2020, 10:19am

indeed I’m running debian 9.
I don’t see any error in server.log file.

system · March 10, 2020, 10:19am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog beats input TLS enable Error Graylog Central (peer support) sidecar , nxlog , filebeat-linux , nodatanx , send-csv-logsnx , nosendlogfblx	10	5750	November 27, 2017
Graylog 3.0.1 - Unknown beats protocol version Graylog Central (peer support)	6	2735	June 21, 2019
SSL issues with beats input Graylog Central (peer support) sidecar , winlogbeat	3	1873	September 30, 2020
Looking for help with some errors we're receiving on our Windows TLS - [AbstractTcpTransport] Graylog Central (peer support)	4	537	October 18, 2023
Beats input with TLS enabled - authentication problem Graylog Central (peer support)	4	3361	April 29, 2020

Upgrade to 3.2.2 breaks input

Related topics