NXLOG-CE v2.9.1716 with a certificate built with a ECDSA key | Log Collection Solutions

Post a different question

4
responses

D.LEC's picture

D.LEC

Hello,

Extract of nxlog.log :

2016-08-24 08:58:30 INFO nxlog-ce-2.9.1716 started
2016-08-24 09:01:24 INFO SSL connection accepted from 172.25.20.35:51694
2016-08-24 09:01:24 ERROR SSL error, SSL_ERROR_SSL: retval -1, no shared cipher,
2016-08-24 09:01:24 WARNING SSL connection closed from 172.25.20.35:51694

My question : SSL libraries (libeay32.dll and ssleay32.dll) used by NXLOG-CE are they compatible with use of a certificate built with a ECDSA key ?

Thanks for your help.

AskedAugust 24, 2016 - 10:16am

Answer (1)

adm's picture

adm

This is a known issue.

Reportedly when the cert has Key Usage "Digital Signature, Key Encipherment" the observed error occurs. The workaround is to omit these flags.

AnsweredAugust 24, 2016 - 10:53am

Leave a comment

Comments (3)

D.LEC
Leave a comment
Thanks a lot. I have effectively the "Digital Signature" flag in my cert. So, i will rebuild the cert without this flag.

August 24, 2016 - 5:24pm

D.LEC
Leave a comment
NEW TRY :
The cert of my nxlog server is now without any flag.
When i send a msg from a syslog client, i have this result :

INFO SSL connection accepted from 172.25.20.35:45656
ERROR remote ssl socket was reset? (SSL_ERROR_SSL with errno=9); End of file found
WARNING SSL connection closed from 172.25.20.35:45656

Any idea ?

Thanks...

September 1, 2016 - 5:03pm

adm (NXLog)
Leave a comment
You should investigate the other end to see why it's closing the connection.

September 2, 2016 - 12:22am