All Apps and Add-ons

SA-ldapsearch error SSL configuration issue: sslVersions=""['tls1.2']"" is an invalid combination

jgoddard
Path Finder

This is the only error that I get, no further information, and so far i haven't been able to run the python from the cli to see if I can get any more information. I have pinned splunkweb to TLS1.2 for quite a while, have had no other issues. My ldap authentication for splunkweb is functioning fine. I don't see this error on answers, and I am confused.

I had suspected that this was a Cert issue, but after doing a lot of checking, I believe it is an issue with the SA-ldapsearch configs.

It appears that even though server.conf understands "tls1.2" as an sslVersion= value for the sslConfig stanza, SA-ldapsearch does NOT. I changed, in $SPLUNK_HOME/etc/apps/SA-ldapsearch/local/ssl.conf to have:
[sslConfig]
sslVersions=tls

and everthing is working. I would like to request an enhancement to SA-ldapsearch such that it understands the sslVersion string of tls1.2

jamesarmitage
Path Finder

If you edit SA-ldapsearch/bin/packages/app/configuration.py you can fix the error:

Lines 291-292:

 291         elif not protocol_set.symmetric_difference(('tls1.0',)):
 292             version = ssl.PROTOCOL_TLSv1

append the following (do not include the line numbers):

 293         elif not protocol_set.symmetric_difference(('tls1.2',)):
 294             version = ssl.PROTOCOL_TLSv1

For completeness you might want to add a test for tls1.1, this doesn't apply in my case.

jamesarmitage
Path Finder

If you edit SA-ldapsearch/bin/packages/app/configuration.py you can fix the error:

Lines 291-292:

291         elif not protocol_set.symmetric_difference(('tls1.0',)):
292             version = ssl.PROTOCOL_TLSv1

append the following (do not include the line numbers):

293         elif not protocol_set.symmetric_difference(('tls1.2',)):
294             version = ssl.PROTOCOL_TLSv1

For completeness you might want to add a test for tls1.1, this doesn't apply in my case.

jgoddard
Path Finder

Thanks a lot for that tip, James. I will deploy and verify that gets rid of the error I was having.

0 Karma
Get Updates on the Splunk Community!

Introducing the Splunk Developer Program!

Hey Splunk community! We are excited to announce that Splunk is launching the Splunk Developer Program in ...

Splunkbase Year in Review 2024

Reflecting on 2024, it’s clear that innovation and collaboration have defined the journey for Splunk ...

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...