Skip to content

out_http: TLS1.3 support #4859

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
May 28, 2025
Merged

out_http: TLS1.3 support #4859

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1a78bbe
changed https opts in out-http
Athishpranav2003 Mar 8, 2025
f83ff3a
fixed webrick
Athishpranav2003 Mar 9, 2025
5d5f0f3
New testcases for function set_version_to_options - TLS
Athishpranav2003 May 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/fluent/plugin/out_http.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -270,7 +270,7 @@ def setup_http_option
OpenSSL::SSL::VERIFY_PEER
end
opt[:ciphers] = @tls_ciphers
opt[:ssl_version] = @tls_version
opt = Fluent::TLS.set_version_to_options(opt, @tls_version, nil, nil)
end

opt
Expand Down
24 changes: 24 additions & 0 deletions lib/fluent/tls.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,30 @@ def set_version_to_context(ctx, version, min_version, max_version)
ctx
end
module_function :set_version_to_context

def set_version_to_options(opt, version, min_version, max_version)
if MIN_MAX_AVAILABLE
case
when min_version.nil? && max_version.nil?
min_version = METHODS_MAP[version] || version
max_version = METHODS_MAP[version] || version
when min_version.nil? && max_version
raise Fluent::ConfigError, "When you set max_version, must set min_version together"
when min_version && max_version.nil?
raise Fluent::ConfigError, "When you set min_version, must set max_version together"
else
min_version = METHODS_MAP[min_version] || min_version
max_version = METHODS_MAP[max_version] || max_version
end
opt[:min_version] = min_version
opt[:max_version] = max_version
else
opt[:ssl_version] = METHODS_MAP[version] || version
end

opt
end
module_function :set_version_to_options
end
end

2 changes: 2 additions & 0 deletions test/plugin/test_out_http.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -501,6 +501,7 @@ def server_config
# WEBrick supports self-generated self-signed certificate
config[:SSLEnable] = true
config[:SSLCertName] = [["CN", WEBrick::Utils::getservername]]
config[:SSLMaxVersion] = OpenSSL::SSL::TLS1_3_VERSION
config
end

Expand All @@ -512,6 +513,7 @@ def test_write_with_https
d = create_driver(%[
endpoint https://127.0.0.1:#{server_port}/test
tls_verify_mode none
tls_version TLSv1_3
ssl_timeout 2s
])
d.run(default_tag: 'test.http') do
Expand Down