^{Originally posted by mikakatua October 22, 2023}
I'm trying to use fluentd to send logs to a http endpoint. This endpoint only supports TLS 1.3

My configuration is as follows:

<source>
  @type forward
  @label @mainstream
  port 24224
  bind 0.0.0.0
</source>

<label @mainstream>
  <match **>
    @type http
    endpoint https://haproxy:8443/data/logs
    tls_verify_mode none
    tls_version TLSv1_3
    <format>
      @type json
    </format>
    json_array true
    <buffer>
      flush_interval 2s
    </buffer>
  </match>
</label>

This does not work. I get the error:

[warn]: #0 got unrecoverable error in primary and no secondary error_class=ArgumentError error="unknown SSL method `TLSv1_3'"

Looking at the http output documentation it looks like the max version is TLS 1.2. I have verified that it works removing the tls_version parameter and downgrading the ssl configuration of the endpoint to support TLS 1.2.

If I remove the tls_version parameter without downgrading the endpoint, the error is:

[warn]: #0 failed to flush the buffer. retry_times=0 next_retry_time=2023-10-21 15:55:12 +0000 chunk="6083c037d2f85b70a8f464156a75b22d" error_class=OpenSSL::SSL::SSLError error="SSL_connect returned=1 errno=0 peeraddr=172.18.0.4:8443 state=error: tlsv1 alert protocol version"

Is there any way to get it working with TLS 1.3?

I'm using Fluentd v1.16.2-1.0 docker image