All Apps and Add-ons
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- SA-ldapsearch error SSL configuration issue: sslVe...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SA-ldapsearch error SSL configuration issue: sslVersions=""['tls1.2']"" is an invalid combination
jgoddard
Path Finder
09-11-2015
03:20 PM
This is the only error that I get, no further information, and so far i haven't been able to run the python from the cli to see if I can get any more information. I have pinned splunkweb to TLS1.2 for quite a while, have had no other issues. My ldap authentication for splunkweb is functioning fine. I don't see this error on answers, and I am confused.
I had suspected that this was a Cert issue, but after doing a lot of checking, I believe it is an issue with the SA-ldapsearch configs.
It appears that even though server.conf understands "tls1.2" as an sslVersion= value for the sslConfig stanza, SA-ldapsearch does NOT. I changed, in $SPLUNK_HOME/etc/apps/SA-ldapsearch/local/ssl.conf to have:
[sslConfig]
sslVersions=tls
and everthing is working. I would like to request an enhancement to SA-ldapsearch such that it understands the sslVersion string of tls1.2
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jamesarmitage
Path Finder
11-30-2015
02:39 PM
If you edit SA-ldapsearch/bin/packages/app/configuration.py you can fix the error:
Lines 291-292:
291 elif not protocol_set.symmetric_difference(('tls1.0',)):
292 version = ssl.PROTOCOL_TLSv1
append the following (do not include the line numbers):
293 elif not protocol_set.symmetric_difference(('tls1.2',)):
294 version = ssl.PROTOCOL_TLSv1
For completeness you might want to add a test for tls1.1, this doesn't apply in my case.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jamesarmitage
Path Finder
09-17-2015
10:31 AM
If you edit SA-ldapsearch/bin/packages/app/configuration.py you can fix the error:
Lines 291-292:
291 elif not protocol_set.symmetric_difference(('tls1.0',)):
292 version = ssl.PROTOCOL_TLSv1
append the following (do not include the line numbers):
293 elif not protocol_set.symmetric_difference(('tls1.2',)):
294 version = ssl.PROTOCOL_TLSv1
For completeness you might want to add a test for tls1.1, this doesn't apply in my case.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jgoddard
Path Finder
09-17-2015
10:37 AM
Thanks a lot for that tip, James. I will deploy and verify that gets rid of the error I was having.
Get Updates on the Splunk Community!
Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...
This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
Splunk Community Badges!
Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...
What You Read The Most: Splunk Lantern’s Most Popular Articles!
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
