All Apps and Add-ons

How to debug : an SSL exception was thrown when executing a web request ?

jmut
New Member

Hi,

I need to monitor a REST API that requires a client authentication certificate... using website monitoring 2.7.3 on Splunk Enterprise 7.2.0

Using cURL to call the API from the CLI works fine, so the certificate is fine, the web-service response is fine (FYI: it returns a .png image)

The data input gets triggered, a thread is added and later on the thread is removed but "Connection Failed" is all I get.
In the logs, I see the "INFO Performing ping" with the URL, then an ERROR SSL exception was thrown, stating an EOF occurred in violation of protocol (_ssl.c:676). How can I debug this situation to find out what may be the root-cause and solve this ?

I had to change the URI's below for security reasons but that will not keep you from understanding what it does.

Thanks in advance for any help you can offer to help me find and solve the root-cause.

Best Regards,
jmut

018-11-26 16:47:12,201 INFO Performing ping, url="https://servicestst.acme.com/Geo/NetworkAsset/get?VERSION=1.3.0&REQUEST=GetMap&SERVICE=WMS&LAYERS=AC..."
2018-11-26 16:47:12,337 ERROR An SSL exception was thrown when executing a web request against url=https://servicestst.acme.com/Geo/NetworkAsset/get?VERSION=1.3.0&REQUEST=GetMap&SERVICE=WMS&LAYERS=AC... EOF occurred in violation of protocol (_ssl.c:676)

0 Karma

LukeMurphey
Champion

From what I can tell, there are several reasons this may happen:

  1. An issue with the underlying SSL libraries used such that the libraries don't support any of the algorithms that the server requests. The SSL libraries are tied to the platform so there isn't much the app can do to affect this.
  2. An issue with the web-certificate where the protocols are so old that the client cannot resolve a secure protocol to use. In this case the connection is dropped because no protocols can be found to complete the request.

You might want to check the website on SSLLabs (https://www.ssllabs.com/ssltest/) to see if the protocols are old.

0 Karma

jmut
New Member

From what I have been able to find myself, this could have something todo with the version of SSL being used.
Perhaps related to the version of pyopenssl.py from which ssl is imported ?
My cURL uses TLSv1.2, an openssl s_client -connect also works using TLSv1.2 ...

Can I specify the SSL version to be used somehow ? as a parameter in a configuration stanza ? default ?

0 Karma

jmut
New Member

@LukeMurphey Just wondering if you already noticed my post ? Care to comment ? Need more information ?

0 Karma

LukeMurphey
Champion

I'm looking into this.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...