Hi
I am getting this error over and over again , any ideas
03-11-2020 11:16:36.630 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:36.630 +0100 WARN HttpListener - Socket error from 127.0.0.1:45500 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:39.415 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:39.415 +0100 WARN HttpListener - Socket error from 127.0.0.1:45506 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:42.158 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:42.158 +0100 WARN HttpListener - Socket error from 127.0.0.1:45516 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:44.866 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:44.866 +0100 WARN HttpListener - Socket error from 127.0.0.1:45522 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:47.663 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:47.663 +0100 WARN HttpListener - Socket error from 127.0.0.1:45526 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:50.440 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:50.440 +0100 WARN HttpListener - Socket error from 127.0.0.1:45532 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:53.164 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:53.164 +0100 WARN HttpListener - Socket error from 127.0.0.1:45540 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:55.882 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:55.882 +0100 WARN HttpListener - Socket error from 127.0.0.1:45546 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Thanks in advance
Robbie
Where are you getting this error ? Indexer, Search Head, Heavy Forwarder ?
Are you using HEC ? If yes then are you receiving HEC event on SSL/TLS?
Hi
We are using Splunk 7.3.6 and getting it in splunkd.log
we have universal forwarders sending us data into the main install (One install on one box)
From reading past posts i have tried to update (/splunk/etc/system/local/inuts.conf) the default is empty for SSL.
[SSL]
cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
This is my forwarder (So i tried to set my main Splunk cipherSuite to be the same, but it did not work)
[SSL]
cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
allowSslRenegotiation = true
sslQuietShutdown = false
sslVersions = *,-ssl2
Do you mean 7.2.6 because 7.3.6 is not release yet.
What happen if you remove ciphersuite and SSL configuration from UF and Indexer ? And are you running UF and Indexer on same server ?