fix: provide ssl engine with advisory peer and algorithm info

Author: yaauie

CHANGELOG.md

@@ -1,3 +1,6 @@
+## 6.4.3
+  - Fix: provide SSL engine with advisory peer and algorithm information [#458](https://github.com/logstash-plugins/logstash-input-beats/issues/458)
+
 ## 6.4.2
   - Build: do not package jackson dependencies [#455](https://github.com/logstash-plugins/logstash-input-beats/pull/455)
 

VERSION

@@ -1 +1 @@
-6.4.2
+6.4.3

src/main/java/org/logstash/netty/SslHandlerProvider.java

@@ -4,6 +4,10 @@
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslHandler;
 
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import java.net.InetSocketAddress;
+
 public class SslHandlerProvider {
 
     private final SslContext sslContext;
@@ -14,9 +18,20 @@ public SslHandlerProvider(SslContext context, int sslHandshakeTimeoutMillis){
         this.sslHandshakeTimeoutMillis = sslHandshakeTimeoutMillis;
     }
 
-    public SslHandler sslHandlerForChannel(final SocketChannel socket) {
-        SslHandler handler =  sslContext.newHandler(socket.alloc());
-        handler.setHandshakeTimeoutMillis(sslHandshakeTimeoutMillis);
-        return handler;
+    public SslHandler sslHandlerForChannel(final SocketChannel socketChannel) {
+        final InetSocketAddress remoteAddress = socketChannel.remoteAddress();
+        final String peerHost = remoteAddress.getHostString();
+        final int peerPort = remoteAddress.getPort();
+        final SslHandler sslHandler = sslContext.newHandler(socketChannel.alloc(), peerHost, peerPort);
+
+        final SSLEngine engine = sslHandler.engine();
+        engine.setUseClientMode(false);
+
+        final SSLParameters sslParameters = engine.getSSLParameters();
+        sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+        engine.setSSLParameters(sslParameters);
+
+        sslHandler.setHandshakeTimeoutMillis(sslHandshakeTimeoutMillis);
+        return sslHandler;
     }
 }