I am trying to use the om_http module to POST events to an AWS API Gateway (which won't allow SSLv3 connections). Looking at this forum and the documentation, it seems like the latest version of the community edition, nxlog-ce-2.9.1716, should support TLSv1.2, but I keep getting the following error when it attempts to connect to my API:

ERROR SSL error, SSL_ERROR_SSL: retval -1, sslv3 alert handshake failure

Below is my config for the output:

<Output out>

    Module       om_http

    URL         https://<my api endpoint>

    ContentType "application/json"



I have also tried using HTTPSAllowUntrusted TRUE, which doesn't change anything. Also, I tested the API endpoint with curl and it works fine.


Thanks in advance for any help!


UPDATE: It looks like nxlog is negotiating using TLSv1.2 (discovered with wireshark). I also discovered that AWS API Gateway requires the SNI extension to TLS. This is likely the problem if nxlog-ce doesn't support SNI. Any idea if/when that will be supported in the community edition?

AskedJuly 28, 2017 - 12:18am

Answer (1)