All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to debug : an SSL exception was thrown when executing a web request ?

jmut
New Member
‎11-27-2018 12:16 AM

Hi,

I need to monitor a REST API that requires a client authentication certificate... using website monitoring 2.7.3 on Splunk Enterprise 7.2.0

Using cURL to call the API from the CLI works fine, so the certificate is fine, the web-service response is fine (FYI: it returns a .png image)

The data input gets triggered, a thread is added and later on the thread is removed but "Connection Failed" is all I get.
In the logs, I see the "INFO Performing ping" with the URL, then an ERROR SSL exception was thrown, stating an EOF occurred in violation of protocol (_ssl.c:676). How can I debug this situation to find out what may be the root-cause and solve this ?

I had to change the URI's below for security reasons but that will not keep you from understanding what it does.

Thanks in advance for any help you can offer to help me find and solve the root-cause.

Best Regards,
jmut

018-11-26 16:47:12,201 INFO Performing ping, url="https://servicestst.acme.com/Geo/NetworkAsset/get?VERSION=1.3.0&REQUEST=GetMap&SERVICE=WMS&LAYERS=AC..."
2018-11-26 16:47:12,337 ERROR An SSL exception was thrown when executing a web request against url=https://servicestst.acme.com/Geo/NetworkAsset/get?VERSION=1.3.0&REQUEST=GetMap&SERVICE=WMS&LAYERS=AC... EOF occurred in violation of protocol (_ssl.c:676)

0 Karma
Reply

LukeMurphey
Champion
‎12-04-2018 09:55 AM

From what I can tell, there are several reasons this may happen:

  1. An issue with the underlying SSL libraries used such that the libraries don't support any of the algorithms that the server requests. The SSL libraries are tied to the platform so there isn't much the app can do to affect this.
  2. An issue with the web-certificate where the protocols are so old that the client cannot resolve a secure protocol to use. In this case the connection is dropped because no protocols can be found to complete the request.

You might want to check the website on SSLLabs (https://www.ssllabs.com/ssltest/) to see if the protocols are old.

0 Karma
Reply

jmut
New Member
‎11-27-2018 01:29 AM

From what I have been able to find myself, this could have something todo with the version of SSL being used.
Perhaps related to the version of pyopenssl.py from which ssl is imported ?
My cURL uses TLSv1.2, an openssl s_client -connect also works using TLSv1.2 ...

Can I specify the SSL version to be used somehow ? as a parameter in a configuration stanza ? default ?

0 Karma
Reply

jmut
New Member
‎11-29-2018 11:15 PM

@LukeMurphey Just wondering if you already noticed my post ? Care to comment ? Need more information ?

0 Karma
Reply

LukeMurphey
Champion
‎12-03-2018 11:24 PM

I'm looking into this.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...