https://community.splunk.com/t5/Getting-Data-In/How-to-resolve-quot-SSL23-GET-CLIENT-HELLO-unknown-protocol-quot/m-p/688846#M114687 <P>Sounds like you need certs on the UF</P><P>You can copy them from the indexer or put them into an app and deployment them via the Deployment Server inside an app and change the config below paths.&nbsp;</P><P>Example config</P><P>outputs.conf</P><LI-CODE lang="markup">clientCert= /opt/splunkforwarder/etc/auth/mycerts/my_prepared_cert.pem sslPassword = &lt;IF YOU SET A PASSPHRASE&gt;</LI-CODE><P>server.conf</P><LI-CODE lang="markup">[sslConfig] sslRootCAPath = /opt/splunkforwarder/etc/auth/mycerts/my_prepared_cert.pem</LI-CODE><P>&nbsp;&nbsp;</P> Tue, 28 May 2024 08:44:05 GMT deepakc 2024-05-28T08:44:05Z https://community.splunk.com/t5/Getting-Data-In/How-to-resolve-quot-SSL23-GET-CLIENT-HELLO-unknown-protocol-quot/m-p/688591#M114666 <P>After configuring my indexer and forwarder to use SSL I receive the following error:</P><LI-CODE lang="python">Error encountered for connection from src=MY_IP:44978. error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol</LI-CODE><P>output.conf on &nbsp;forwarder:</P><LI-CODE lang="python">[tcpout:group1] server = INDEXER_IP:9998 disabled = 0 sslVerifyServerCert = true useClientSSLCompression = true</LI-CODE><P><SPAN>inputs.conf on indexer:<BR /></SPAN></P><LI-CODE lang="python">[splunktcp-ssl:9998] disabled = 0 connection_host = ip [SSL] serverCert = /opt/splunk/etc/auth/mycerts/my_prepared_cert.pem requireClientCert = false</LI-CODE><P><SPAN>output of&nbsp;</SPAN><SPAN>openssl s_client -connect INDEXER_IP:9998</SPAN></P><LI-CODE lang="python">SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 4E137F80E8629FC675460A5B2A5E13305F5DE4153720F7A2566A7ED2490EF77C Session-ID-ctx: Master-Key: 7AD057B736D12AD4CA0515CF7E7AE9BDB1BB45A05F75DA6042A1A5460110D886BB80BEE06A79CFE94428D33A51B76009 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - e4 37 a8 12 91 c0 0c a0-6e 1b c5 01 31 98 3f 80 .7......n...1.?. 0010 - 95 9b 8d 47 c5 a3 99 33-49 2a f0 86 7f 80 e8 2c ...G...3I*....., 0020 - b7 4e 80 23 ec 4e 0e c6-20 b5 70 9c f9 cd 7d bd .N.#.N.. .p...}. 0030 - 69 93 82 ec 9d 37 51 ba-47 8e a6 23 cb 51 7f 4e i....7Q.G..#.Q.N 0040 - 1f 59 8b 8b 06 c4 dc 23-f9 64 61 69 ea e3 c3 39 .Y.....#.dai...9 0050 - 79 eb 82 a2 5c 0c 28 32-a1 2a a5 a8 50 41 95 54 y...\.(2.*..PA.T 0060 - 5a f6 6d 53 cd 12 d3 34-fe 18 00 50 e0 06 2c 77 Z.mS...4...P..,w 0070 - 0f b9 35 03 a5 08 a2 df-88 23 39 c8 8e b5 81 67 ..5......#9....g 0080 - 71 c1 4e 7a ab 8f b8 36-59 1a 01 ae 7e a6 36 c0 q.Nz...6Y...~.6. 0090 - 5e c2 6e 4f 1d 9f 47 76-cc 38 0e a5 26 91 50 de ^.nO..Gv.8..&amp;.P. Start Time: 1716539462 Timeout : 300 (sec) Verify return code: 0 (ok)</LI-CODE><P><SPAN>&nbsp;</SPAN></P> Fri, 24 May 2024 08:33:33 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-resolve-quot-SSL23-GET-CLIENT-HELLO-unknown-protocol-quot/m-p/688591#M114666 Haleb 2024-05-24T08:33:33Z https://community.splunk.com/t5/Getting-Data-In/How-to-resolve-quot-SSL23-GET-CLIENT-HELLO-unknown-protocol-quot/m-p/688846#M114687 <P>Sounds like you need certs on the UF</P><P>You can copy them from the indexer or put them into an app and deployment them via the Deployment Server inside an app and change the config below paths.&nbsp;</P><P>Example config</P><P>outputs.conf</P><LI-CODE lang="markup">clientCert= /opt/splunkforwarder/etc/auth/mycerts/my_prepared_cert.pem sslPassword = &lt;IF YOU SET A PASSPHRASE&gt;</LI-CODE><P>server.conf</P><LI-CODE lang="markup">[sslConfig] sslRootCAPath = /opt/splunkforwarder/etc/auth/mycerts/my_prepared_cert.pem</LI-CODE><P>&nbsp;&nbsp;</P> Tue, 28 May 2024 08:44:05 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-resolve-quot-SSL23-GET-CLIENT-HELLO-unknown-protocol-quot/m-p/688846#M114687 deepakc 2024-05-28T08:44:05Z