Solved: Is there a limitation with the ssl version allowed...

dandaily · ‎12-21-2015

I was attempting to get the ODBC driver working in my environment. I set up the instance according to the documentation, although I found the documentation lacking for the certs assigned in server.conf. When I set it up, I could get the web browser to load the address https://server.name:8089 with a secure connection, but I could not get Microsoft Query to connect (Excel).

I would receive the following error: "[40]error with http api, error code couldn't connect to the server"

server.conf settings:

[sslConfig]
enableSplunkdSSL = true
sslKeysfile = ca_key_inter_root.pem
caCertFile = inter_root.pem
caPath = $SPLUNK_HOME/etc/apps/config_https/mycerts/
sslVersions = *, -ssl2, -ssl3

I solved the issue by updating the sslVersions option to allow "ssl3". The connection started working. The problem is, this opens up vulnerabilities that I am not comfortable with. So now onto the question, I am not sure if this is a limitation of the Splunk ODBC driver, Microsoft Query, or Splunk enterprise? Any Help with clarification would be much appreciated.

dandaily · ‎01-05-2016

With the help of support, I was able to verify that the limitation is on the Splunk ODBC driver. It currently does not have TLS support. There is currently no ETA on TLS being added, and there is a developer bug: DVPL-5957.

View solution in original post

dandaily · ‎01-05-2016

With the help of support, I was able to verify that the limitation is on the Splunk ODBC driver. It currently does not have TLS support. There is currently no ETA on TLS being added, and there is a developer bug: DVPL-5957.

Is there a limitation with the ssl version allowed for the Splunk ODBC driver?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms