Alerting

Error when enabling TLS for email.

hutsellmA
Engager

We recently updated our Splunk infrastructure to 8.1 and before we upgraded, the enable TLS option was checked on the mail server settings. The alert_actions.conf has not changed at all. Now for emails being sent, we receive the following error in the python.log:

sendemail:456 - [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:742) while sending mail to: <EMAIL_ADDRESS>
 
If I manually add use_tls = 1 in that conf file, there are no errors, but if enabled on the web UI, it errors with the above. 
 
I am not sure what else to check here as nothing has changed except for the upgrading of the Splunk version on the servers. Has anyone else experienced this?
Labels (1)
0 Karma
1 Solution

burwell
SplunkTrust
SplunkTrust
0 Karma

burwell
SplunkTrust
SplunkTrust

Hi. Did you see this Splunk answers?

https://community.splunk.com/t5/Splunk-Enterprise/Sendmail-sslv3-alert-handshake-failure/m-p/297554

Sounds like a possible cipher suite issue.

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...