All Apps and Add-ons

Is there a limitation with the ssl version allowed for the Splunk ODBC driver?

Explorer

I was attempting to get the ODBC driver working in my environment. I set up the instance according to the documentation, although I found the documentation lacking for the certs assigned in server.conf. When I set it up, I could get the web browser to load the address https://server.name:8089 with a secure connection, but I could not get Microsoft Query to connect (Excel).

I would receive the following error: "[40]error with http api, error code couldn't connect to the server"

server.conf settings:

[sslConfig]
enableSplunkdSSL = true
sslKeysfile = ca_key_inter_root.pem
caCertFile = inter_root.pem
caPath = $SPLUNK_HOME/etc/apps/config_https/mycerts/
sslVersions = *, -ssl2, -ssl3

I solved the issue by updating the sslVersions option to allow "ssl3". The connection started working. The problem is, this opens up vulnerabilities that I am not comfortable with. So now onto the question, I am not sure if this is a limitation of the Splunk ODBC driver, Microsoft Query, or Splunk enterprise? Any Help with clarification would be much appreciated.

0 Karma
1 Solution

Explorer

With the help of support, I was able to verify that the limitation is on the Splunk ODBC driver. It currently does not have TLS support. There is currently no ETA on TLS being added, and there is a developer bug: DVPL-5957.

View solution in original post

0 Karma

Explorer

With the help of support, I was able to verify that the limitation is on the Splunk ODBC driver. It currently does not have TLS support. There is currently no ETA on TLS being added, and there is a developer bug: DVPL-5957.

View solution in original post

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!