True that. Sometimes though you don't have much choice if you're
constrained by your distro's packages.
And I must say that TLS configuration is (or at least can be) hugely
messed up anyway.
But -110 typically says that the connection ended before it properly
went through all its stages and was properly closed. Usually (but not
always) it suggests that the remote end decided it doesn't like
something about us (our algorithms suite, our certificate validity or
lack thereof, our DN or SAN) and decided to close the connection
(possibly forcefully by just sending RST).
It might help to look into other end's logs - they might contain the
reason for such termination.
On 17.07.2023 09:37, Rainer Gerhards wrote:
> I suggest to use the openssl driver (ossl, separate package). A prime
> reason for implementing openssl was that the gnutls error messages are
> usually very unhelpful. this is much better with openssl.
>
> Rainer
>
> El lun, 17 jul 2023 a las 8:54, Mariusz Kruk via rsyslog
> (<rsyslog@lists.adiscon.com>) escribió:
>> Yes. People came across this error several times.
>>
>> -110 GNUTLS_E_PREMATURE_TERMINATION The TLS connection was
>> non-properly terminated.
>>
>> It means something is wrong with either the configuration or your network.
>>
>> With such skimpy details we can't say much more.
>>
>> Check your config, check your connection with openssl s_client, do a
>> tcpdump if necessary and see what's going on on the wire...
>>
>> On 17.07.2023 06:29, Andrew Cowan via rsyslog wrote:
>>> Has anyone come across this error?
>>>
>>> This occurs in the logs when I do a logger test from client to server using TLS. Some kind of TLS error.
>>> _______________________________________________
>>> rsyslog mailing list
>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Followhttps://twitter.com/rgerhards
>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow
https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.