Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Alerting
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Alerting
- :
- Errors in logs Received fatal SSL3 alert. splunkd....
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Errors in logs Received fatal SSL3 alert. splunkd.log
robertlynch2020
Motivator
03-11-2020
03:29 AM
Hi
I am getting this error over and over again , any ideas
03-11-2020 11:16:36.630 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:36.630 +0100 WARN HttpListener - Socket error from 127.0.0.1:45500 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:39.415 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:39.415 +0100 WARN HttpListener - Socket error from 127.0.0.1:45506 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:42.158 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:42.158 +0100 WARN HttpListener - Socket error from 127.0.0.1:45516 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:44.866 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:44.866 +0100 WARN HttpListener - Socket error from 127.0.0.1:45522 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:47.663 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:47.663 +0100 WARN HttpListener - Socket error from 127.0.0.1:45526 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:50.440 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:50.440 +0100 WARN HttpListener - Socket error from 127.0.0.1:45532 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:53.164 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:53.164 +0100 WARN HttpListener - Socket error from 127.0.0.1:45540 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:55.882 +0100 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:55.882 +0100 WARN HttpListener - Socket error from 127.0.0.1:45546 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Thanks in advance
Robbie
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
03-11-2020
04:18 AM
Where are you getting this error ? Indexer, Search Head, Heavy Forwarder ?
Are you using HEC ? If yes then are you receiving HEC event on SSL/TLS?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
robertlynch2020
Motivator
03-11-2020
04:31 AM
Hi
We are using Splunk 7.3.6 and getting it in splunkd.log
we have universal forwarders sending us data into the main install (One install on one box)
From reading past posts i have tried to update (/splunk/etc/system/local/inuts.conf) the default is empty for SSL.
[SSL]
cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
This is my forwarder (So i tried to set my main Splunk cipherSuite to be the same, but it did not work)
[SSL]
default cipher suites that splunk allows. Change this if you wish to increase the security
of SSL connections, or to lower it if you having trouble connecting to splunk.
cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
allowSslRenegotiation = true
sslQuietShutdown = false
Allow only sslv3 and above connections
sslVersions = *,-ssl2
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
03-11-2020
05:19 AM
Do you mean 7.2.6 because 7.3.6 is not release yet.
What happen if you remove ciphersuite and SSL configuration from UF and Indexer ? And are you running UF and Indexer on same server ?
Get Updates on the Splunk Community!
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
The Transformative Power of AI and ML in Enhancing Observability
In the realm of IT operations, the ...
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
