This help site has been deprecated. Please send your requests to

Unable to connect to from our linux server. Handshake_failure

Suresh Kongara's Avatar

Suresh Kongara

15 Feb, 2021 11:57 PM

Hello team, I was trying to install logstash plugins in a Linux server in cloud(Amazon Linux AMI 2016.09). and got the error that the server is not able to download data from Handshake_failure

Command used to install plugin: sudo /usr/share/logstash/bin/logstash-plugin install logstash-filter-environment

Error log: Validating logstash-filter-environment
Unable to download data from - Received fatal alert: handshake_failure (
ERROR: Installation aborted, verification failed for logstash-filter-environment

Tried to access this website from this server with this command: w3m
Error log: Bad cert ident from

I can successfully wget from the server and it got downloaded successfully.

Got this issue with Ruby 2.0, so upgraded version to Ruby 3.0 and still the same error.

Please let me know if you know any solutions.

  1. Support Staff 1 Posted by sonalkr132 on 16 Feb, 2021 06:17 AM

    sonalkr132's Avatar

    Hi Suresh,

    w3m Error log: Bad cert ident from

    Can you please check which IP address is this connecting to? This is working on my system. please confirm you are using the latest version.

    Make sure you are using the latest rubygems version and try adding/updating ca-certificates package on your host. If this doesn't work, it would be helpful if you can share steps to reproduce this, with ami id and commands you ran. Also, please share output of following command:

    curl -Lks '' | ruby
  2. 2 Posted by Suresh Kongara on 16 Feb, 2021 07:51 AM

    Suresh Kongara's Avatar

    Hi these are the details,

    IP address i am connecting to:
    [root@ip-10-65-0-91]# nslookup

    Non-authoritative answer:

    I have updated to the latest versions:
    [root@ip-10-65-0-91 ~]# ruby -v
    ruby 3.0.0p0 (2020-12-25 revision 95aff21468) [x86_64-linux]

    [root@ip-10-65-0-91 ~]# gem --version

    Checked the certificates:
    [root@ip-10-65-0-91]# ls
    GlobalSignRootCA.pem GlobalSignRootCA_R3.pem GlobalSignRootCA_R3.pem.1
    [root@ip-10-65-0-91]# pwd

    Still have the same error. Sharing the commands to reproduce the error.
    1. wget
    2. rpm -Uvh logstash-5.2.2.rpm
    3. sudo /usr/share/logstash/bin/logstash-plugin install logstash-filter-environment

    AMI ID: ami-6536791d
    OS : Amazon Linux AMI 2018.03

    [root@ip-10-65-0-91 ~]# curl -Lks '' | ruby
    Here's your Ruby and OpenSSL environment:

    Ruby: 3.0.0p0 (2020-12-25 revision 95aff214687a5e12c3eb57d056665741e734c188) [x86_64-linux]
    RubyGems: 3.2.3
    Bundler: 2.2.10
    Compiled with: OpenSSL 1.0.2k 26 Jan 2017
    Loaded version: OpenSSL 1.0.2k-fips 26 Jan 2017
    SSL_CERT_FILE: /etc/pki/tls/cert.pem
    SSL_CERT_DIR: /etc/pki/tls/certs

    With that out of the way, let's see if you can connect to

    Bundler connection to success ✅
    RubyGems connection to success ✅
    Ruby net/http connection to success ✅

    Hooray! This Ruby can connect to You are all set to use Bundler and RubyGems. 

    Thank you.

  3. Support Staff 3 Posted by sonalkr132 on 22 Feb, 2021 03:57 AM

    sonalkr132's Avatar


    logstash doesn't uses MRI ruby. It uses Jruby:

    $ sudo cat /usr/share/logstash/bin/logstash-plugin
    unset CDPATH
    .  "$(cd dirname $0/..; pwd)/bin/"
    #bin/logstash-plugin is a short lived ruby script thus we can use aggressive "faster starting JRuby options"
    export JRUBY_OPTS="$JRUBY_OPTS -J-XX:+TieredCompilation -J-XX:TieredStopAtLevel=1 -J-noverify -X-C -Xcompile.invokedynamic=false"

    As far as I can tell, the vendored version of jruby is too old and doesn't support SNI:

    $ sudo /usr/share/logstash/vendor/jruby/bin/jruby -v
    jruby 1.7.25 (1.9.3p551) 2016-04-13 867cb81 on OpenJDK 64-Bit Server VM 1.8.0_171-b10 +jit [linux-amd64]
    You will need to find a way to update jruby vendored with logstash. Alternatively, you can use slightly newer logstash, I have verified that logstash-5.6.16 works.
  4. 4 Posted by Suresh Kongara on 23 Feb, 2021 05:27 PM

    Suresh Kongara's Avatar

    Thank you for the insights. The version 5.6.16 works for me.

  5. sonalkr132 closed this discussion on 12 Mar, 2021 09:12 AM.

Discussions are closed to public comments.
If you need help with please start a new discussion.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac