Hi,
I started to get the error below after my Splunk was updated:
HttpListener - Socket error from 127.0.0.1 while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
I thought was some 'garbage' from previous version, but even after running a fresh install, the logs still show the same problem. I found this error while troubleshooting an issue with Splunk Kafka connector which is no longer sending messages to Splunk.
I'm using this instance of Splunk for learning purposes. I upgraded from 6.5 to 7.0. Then a fresh installation was done using 7.2 with same issues.
To provide a more complete picture:
- Splunk was not initially set with SSL
- I was troubleshooting why my Kafka connect was having errors sending data to Splunk
- I noticed a few lines with the above message in the splunkd.log
- I had a Splunk forwarder working before but it was disabled 2 months ago, so it's clear some components talk to themselves using SSL even with the option disabled
- When I set Splunk to use SSL, instead of few messages on the log now I have hundreds of this message per minute
- Thanks for the link provided. With the changes suggested now i'm getting non-stop the following message:
HttpListener - Socket error from 127.0.0.1 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
My concern is to understand which components are trying to talk using SSL so I can better isolate the issue. The information on the logs so far are not enough for me to have a clearer picture.
Saw a couple of discussions with similar error but couldn't find anything that could solve my problem.
Thanks.
@mauriciothomsen,
Which version you upgraded to ? There were few compatibility issues due to change in cipher suite and SSL versions. Have a look at this know issues and see if it helps
http://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/KnownIssues
@renjith.nair, We are having the same problem and getting the same HttpListener error message as above.
We are on 7.1.2, I am trying to secure my Splunk Web using 3rd party certificate. Enabled SSL, privKeyPath and serverCert in web.conf as suggested in docs.
I see this error as well : "[initandlisten] ** WARNING: No SSL certificate validation can be performed since no CA file has been provided "
Do I need to provide caCertPath in server.conf to avoid this error?
Thanks,
Sandeep
I'm using this instance of Splunk for learning purposes. I upgraded from 6.5 to 7.0. Then a fresh installation was done using 7.2 with same issues.
To provide a more complete picture:
- Splunk was not initially set with SSL
- I was troubleshooting why my kafka connect was having errors sending data to Splunk
- I noticed a few lines with the above message in the splunkd.log
- I had a Splunk forwarder working before but it was disabled 2 months ago, so it's clear some components talk to themselves using SSL even with the option disabled
- When I set Splunk to use SSL, instead of few messages on the log now I have hundreds of this message per minute
- Thanks for the link provided. With the changes suggested now i'm getting non-stop the following message:
HttpListener - Socket error from 127.0.0.1 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
My concern is to understand which components are trying to talk using SSL so I can better isolate the issue. The information on the logs so far are not enough for me to have a clearer picture.
Hi @mauriciothomsen,
I added this comment to your above question, which will make it more visible to our community. Thanks for posting!