TLS version negotiation issue

[aklobus00]

Bug Report

TLS does not work when targets accepts only TLSv1.2 and tls.min_version set to TLSv1.2

To Reproduce
Output accepts only TLSv1.2, not newer. Otel output in fluentbit set to tls.min_version: TLSv1.2

outputs:
-  name: opentelemetry
          match: "*"
          host: host
          port: port
          tls: on
          tls.min_version: "TLSv1.2"
          tls.verify: on
          tls.ca_file: file
          tls.crt_file: file
          tls.key_file: file

Result:

Expected behavior
TLSv1.2 should be negotiated and requests should reach the target

Version used: 4.1.1, 4.2.4, 5.0.5

[patrick-stephens]

4.1 is no longer supported: https://github.com/fluent/fluent-bit/security/policy

Can you retry with 4.2 or 5.0 series?

[aklobus00]

Tested again with 4.2.2
Issue is still there

[patrick-stephens]

4.2.2 is not the latest so can you try 4.2.4 - if it is can you update the description with the version?

I suspect it will still be present as I cannot see any TLS specific commits in the changelog but worth a quick check in case it is resolved: v4.2.2...v4.2.4

Similarly it may be worth trying 5.0.5 in case something has resolved it - plus it's a lot more important to resolve then as well for latest releases.

[aklobus00]

v4.2.4 and v5.0.5 have the same issue