All Apps and Add-ons

SA-ldapsearch error SSL configuration issue: sslVersions=""['tls1.2']"" is an invalid combination

jgoddard
Path Finder

This is the only error that I get, no further information, and so far i haven't been able to run the python from the cli to see if I can get any more information. I have pinned splunkweb to TLS1.2 for quite a while, have had no other issues. My ldap authentication for splunkweb is functioning fine. I don't see this error on answers, and I am confused.

I had suspected that this was a Cert issue, but after doing a lot of checking, I believe it is an issue with the SA-ldapsearch configs.

It appears that even though server.conf understands "tls1.2" as an sslVersion= value for the sslConfig stanza, SA-ldapsearch does NOT. I changed, in $SPLUNK_HOME/etc/apps/SA-ldapsearch/local/ssl.conf to have:
[sslConfig]
sslVersions=tls

and everthing is working. I would like to request an enhancement to SA-ldapsearch such that it understands the sslVersion string of tls1.2

jamesarmitage
Path Finder

If you edit SA-ldapsearch/bin/packages/app/configuration.py you can fix the error:

Lines 291-292:

 291         elif not protocol_set.symmetric_difference(('tls1.0',)):
 292             version = ssl.PROTOCOL_TLSv1

append the following (do not include the line numbers):

 293         elif not protocol_set.symmetric_difference(('tls1.2',)):
 294             version = ssl.PROTOCOL_TLSv1

For completeness you might want to add a test for tls1.1, this doesn't apply in my case.

jamesarmitage
Path Finder

If you edit SA-ldapsearch/bin/packages/app/configuration.py you can fix the error:

Lines 291-292:

291         elif not protocol_set.symmetric_difference(('tls1.0',)):
292             version = ssl.PROTOCOL_TLSv1

append the following (do not include the line numbers):

293         elif not protocol_set.symmetric_difference(('tls1.2',)):
294             version = ssl.PROTOCOL_TLSv1

For completeness you might want to add a test for tls1.1, this doesn't apply in my case.

jgoddard
Path Finder

Thanks a lot for that tip, James. I will deploy and verify that gets rid of the error I was having.

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...