
SSL: Why am I getting the following error after upgrading Splunk to version 7.2?

mauriciothomsen
Engager

Hi,

I started to get the error below after my Splunk was updated:

HttpListener - Socket error from 127.0.0.1 while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

I thought it was some 'garbage' from the previous version, but even after running a fresh install, the logs still show the same problem. I found this error while troubleshooting an issue with the Splunk Kafka connector, which is no longer sending messages to Splunk.

I'm using this instance of Splunk for learning purposes. I upgraded from 6.5 to 7.0. Then a fresh installation was done using 7.2 with same issues.

To provide a more complete picture:
- Splunk was not initially set with SSL
- I was troubleshooting why my Kafka connect was having errors sending data to Splunk
- I noticed a few lines with the above message in the splunkd.log
- I had a Splunk forwarder working before but it was disabled 2 months ago, so it's clear some components talk to themselves using SSL even with the option disabled
- When I set Splunk to use SSL, instead of few messages on the log now I have hundreds of this message per minute
- Thanks for the link provided. With the changes suggested, I'm now getting the following message non-stop:

HttpListener - Socket error from 127.0.0.1 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

My concern is to understand which components are trying to talk using SSL so I can better isolate the issue. The information in the logs so far is not enough for me to have a clearer picture.

I saw a couple of discussions with a similar error but couldn't find anything that could solve my problem.

Thanks.
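
The two OpenSSL error strings quoted in the question can be decoded and tallied per source address. The following is an added example, not part of the original post and not Splunk's own code; the sample log lines (including their timestamp prefix) are constructed, and the reason hints reflect general OpenSSL meaning rather than anything Splunk-specific.

```python
import re
from collections import Counter

# Matches the HttpListener lines quoted in the thread; any prefix is ignored.
LINE_RE = re.compile(
    r"HttpListener - Socket error from (?P<src>\S+) while (?P<state>\w+): "
    r"error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:(?P<func>[^:]*):(?P<reason>.*)$"
)

# General OpenSSL meaning of the two reasons seen in the thread.
HINTS = {
    "http request": "peer sent plaintext HTTP to a TLS listener",
    "wrong version number": "first bytes were not an acceptable TLS record",
}

def decode_code(hex_code):
    """Unpack an OpenSSL 1.0.x packed error code into (lib, func, reason)."""
    value = int(hex_code, 16)
    return (value >> 24) & 0xFF, (value >> 12) & 0xFFF, value & 0xFFF

def parse_line(line):
    """Return the fields of one HttpListener socket error, or None."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    return {
        "src": m["src"],
        "state": m["state"],
        "func": m["func"],
        "reason": m["reason"].strip(),
        "numeric": decode_code(m["code"]),
    }

def summarize(lines):
    """Count errors per (source address, OpenSSL reason string)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["src"], rec["reason"])] += 1
    return counts

# Constructed sample input: the timestamp/level prefix is an assumption.
_P = "01-01-2019 10:00:0%d.000 +0000 WARN  HttpListener - Socket error from 127.0.0.1 while idling: "
_HTTP = "error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request"
_VER = "error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number"
SAMPLE_LOG = [_P % 1 + _HTTP, _P % 2 + _HTTP, _P % 3 + _VER, _P % 4 + _HTTP,
              "01-01-2019 10:00:05.000 +0000 INFO  ServerConfig - unrelated constructed line"]

if __name__ == "__main__":
    for (src, reason), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {src}  {reason}: {HINTS.get(reason, 'no hint')}")
```

These log lines carry only the peer address, so the tally narrows the problem to a host and a failure type; tying it to a specific local process needs data from outside splunkd.log.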

renjith_nair
SplunkTrust

@mauriciothomsen,
Which version did you upgrade to? There were a few compatibility issues due to changes in cipher suites and SSL versions. Have a look at these known issues and see if it helps:
http://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/KnownIssues

Happy Splunking!
0 Karma

sandeeprachuri
Path Finder

@renjith.nair, We are having the same problem and getting the same HttpListener error message as above.

We are on 7.1.2. I am trying to secure my Splunk Web using a 3rd party certificate. Enabled SSL, privKeyPath and serverCert in web.conf as suggested in the docs.

I see this error as well: "[initandlisten] ** WARNING: No SSL certificate validation can be performed since no CA file has been provided "

Do I need to provide caCertPath in server.conf to avoid this error?

Thanks,
Sandeep

0 Karma

mauriciothomsen
Engager

I'm using this instance of Splunk for learning purposes. I upgraded from 6.5 to 7.0. Then a fresh installation was done using 7.2 with same issues.

To provide a more complete picture:
- Splunk was not initially set with SSL
- I was troubleshooting why my kafka connect was having errors sending data to Splunk
- I noticed a few lines with the above message in the splunkd.log
- I had a Splunk forwarder working before but it was disabled 2 months ago, so it's clear some components talk to themselves using SSL even with the option disabled
- When I set Splunk to use SSL, instead of few messages on the log now I have hundreds of this message per minute
- Thanks for the link provided. With the changes suggested, I'm now getting the following message non-stop:

HttpListener - Socket error from 127.0.0.1 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

My concern is to understand which components are trying to talk using SSL so I can better isolate the issue. The information in the logs so far is not enough for me to have a clearer picture.

0 Karma

mstjohn_splunk
Splunk Employee

Hi @mauriciothomsen,

I added this comment to your above question, which will make it more visible to our community. Thanks for posting!

0 Karma