All Apps and Add-ons

Splunk Add-on for NetApp Data ONTAP: After install, why do I receive several SSL errors "[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure"?

cdstealer
Contributor

Hi, I've installed the Splunk Add-on for NetApp Data ONTAP to collect data from each of our devices. Unfortunately it's not working. I may be missing something obvious, but I thought I'd ask anyway. The server is running Splunk 6.6.0, the Splunk Add-on for NetApp Data ONTAP is version 2.15 and the OS is Oracle Linux Server release 6.9.
I'm getting the following error in /opt/splunk/var/log/splunk/ta_ontap_conf_service.log.

2017-05-20 12:41:36,323 ERROR [TAOntapConfService] [_validate_ontap_server] Could not interact with ontap on host=https://10.180.139.235, error: [OntapClient] Client Side Code Error 13001: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:676)
None
2017-05-20 12:41:36,335 INFO [TAOntapConfService] [_validate_ontap_server] successfully updated stanza=uigen:-272584:625 credential_validation=False connection_validation=False per_target_credential_validation=['Invalid'] per_target_connection_validation=['Invalid']

Pulling the SSL cert from a device looks to be in order:

$ echo | openssl s_client -showcerts -connect XXX.XXX.XXX.XXX:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=IBM#42342342, C=US, ST=CA, L=Sunnyvale, O=yourcompany, OU=yourunit/emailAddress=admin@yourcompany.com
        Validity
            Not Before: Jul 16 11:05:36 2015 GMT
            Not After : Jul 12 11:05:36 2030 GMT
        Subject: CN=IBM#42342342, C=US, ST=CA, L=Sunnyvale, O=yourcompany, OU=yourunit/emailAddress=admin@yourcompany.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
                Modulus:
                    some HEX values
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         some more HEX values

Any ideas?
T.I.A.
Steve

hsesterhenn_spl
Splunk Employee
Splunk Employee

Hi,
there has been a new version 2.1.6 released on Friday and they changed some SSL settings.

I have seen customers created new certificates with weird parameters (512 or 1024 bit RSA!).

It looks like the TA is now officially supported by Splunk Enterprise 6.6.x.

Good luck.

P.S.
One additional hint:
Try to connect to you NetApp server using cURL:

curl -ivvvk https://my_netapp_server

It will show you the negotiated algorithms...
If there is something like "SSL connection using DES-CBC3-SHA" shown, than you might check the SSL settings on both ends.
This is 56 bit and so 1990!

This URL might give some more details regarding the algorithms and ciphers in use:
https://unix.stackexchange.com/questions/208437/how-to-convert-ssl-ciphers-to-curl-format

Holger

archspangler
Path Finder

Thanks for the information. Version 2.1.6 corrected the issues that I was having. I can now add my 7-mode filers.

-Archie

0 Karma

archspangler
Path Finder

I am getting the same error with 6.6.1 and Splunk_TA_ontap 2.15. I can successfully poll my C-mode filers but I cannot poll any of my 7-mode controllers. (SSLV3_ALERT_HANDSHAKE_FAILURE)

I logged a case with Splunk Support to see what the say.

0 Karma

aojie654
Path Finder

Hi, archspangler , is there anything update? I need to deploy Ontap Add-on 2.1.5 on splunk 6.4, and the device release version is netapp 8.2 with 7-mode, any ideas please? Thx

0 Karma

jpbonilla
New Member

Hi Steve, I've installed this App and Add-On successfully, I was wondering if you are following this document: http://docs.splunk.com/Documentation/NetApp/2.1.5/DeployNetapp/WhataSplunkAppforNetAppDataONTAPdeplo...

In my deployment, we had to install in the HF the Add-On, and the App + Add On in the indexer.

Also, which mode is the NetApp running?

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...