All Apps and Add-ons

Is there a limitation with the ssl version allowed for the Splunk ODBC driver?

dandaily
Explorer

I was attempting to get the ODBC driver working in my environment. I set up the instance according to the documentation, although I found the documentation lacking for the certs assigned in server.conf. When I set it up, I could get the web browser to load the address https://server.name:8089 with a secure connection, but I could not get Microsoft Query to connect (Excel).

I would receive the following error: "[40]error with http api, error code couldn't connect to the server"

server.conf settings:

[sslConfig]
enableSplunkdSSL = true
sslKeysfile = ca_key_inter_root.pem
caCertFile = inter_root.pem
caPath = $SPLUNK_HOME/etc/apps/config_https/mycerts/
sslVersions = *, -ssl2, -ssl3

I solved the issue by updating the sslVersions option to allow "ssl3". The connection started working. The problem is, this opens up vulnerabilities that I am not comfortable with. So now onto the question, I am not sure if this is a limitation of the Splunk ODBC driver, Microsoft Query, or Splunk enterprise? Any Help with clarification would be much appreciated.

0 Karma
1 Solution

dandaily
Explorer

With the help of support, I was able to verify that the limitation is on the Splunk ODBC driver. It currently does not have TLS support. There is currently no ETA on TLS being added, and there is a developer bug: DVPL-5957.

View solution in original post

0 Karma

dandaily
Explorer

With the help of support, I was able to verify that the limitation is on the Splunk ODBC driver. It currently does not have TLS support. There is currently no ETA on TLS being added, and there is a developer bug: DVPL-5957.

0 Karma
Get Updates on the Splunk Community!

This Week's Community Digest - Splunk Community Happenings [9.26.22]

Get the latest news and updates from the Splunk Community here! Upcoming User Group Events! 👏 Check ...

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...