All Apps and Add-ons

Splunk DB Connect: Why is there a TLS ERROR between bridge and MS SQL Server?

passbt
Explorer

I'm unable to get Splunk DB Connect 1.2.2 (Yes, I know its old) to connect to an instance of MS SQL server where TLS 1.0 has been disabled. When the connection attempt is made I get the error below. When I enable -Djavax.net.debug=all I can clearly see Splunk trying to pass a TLS1.0 handshake over to the database. In fact, I have two database connections configured in the Splunk DB Connect app. One has a database where TLS1.0 is not disabled and the other is a database where we've disabled TLS1.0. As you can imagine the database where we haven't disabled TLS1.0 is working just fine, but the other connection is not. We are running Java 1.7.60. I've tried switching over to Java 1.8.74

2018-02-27 13:27:41.556 dbx9703:ERROR:DatabaseList - Error fetching database catalogs: java.sql.SQLException: Network error IOException: null
java.sql.SQLException: Network error IOException: null
    at net.sourceforge.jtds.jdbc.ConnectionJDBC2.<init>(ConnectionJDBC2.java:417)
    at net.sourceforge.jtds.jdbc.ConnectionJDBC3.<init>(ConnectionJDBC3.java:50)
    at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:185)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at com.splunk.dbx.sql.type.impl.AbstractDatabaseType.connect(AbstractDatabaseType.java:139)
    at com.splunk.dbx.sql.type.impl.MicrosoftSqlServer.connect(MicrosoftSqlServer.java:85)
    at com.splunk.dbx.sql.type.impl.AbstractJtdsDatabaseType.listCatalogs(AbstractJtdsDatabaseType.java:48)
    at com.splunk.dbx.info.DatabaseList.invoke(DatabaseList.java:34)
    at com.splunk.bridge.session.BridgeSession.call(BridgeSession.java:92)
    at com.splunk.bridge.session.BridgeSession.call(BridgeSession.java:30)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException
    at net.sourceforge.jtds.ssl.TdsTlsInputStream.readFully(TdsTlsInputStream.java:137)
    at net.sourceforge.jtds.ssl.TdsTlsInputStream.primeBuffer(TdsTlsInputStream.java:100)
    at net.sourceforge.jtds.ssl.TdsTlsInputStream.read(TdsTlsInputStream.java:78)
    at sun.security.ssl.InputRecord.readFully(Unknown Source)
    at sun.security.ssl.InputRecord.read(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at
1 Solution

jeremiahMN
Explorer

Have you tried to upgrade to java 7.95 and use the magic  ‑Djdk.tls.client.protocols="TLSv1.1,TLSv1.2" system property?

View solution in original post

0 Karma

jeremiahMN
Explorer

Have you tried to upgrade to java 7.95 and use the magic  ‑Djdk.tls.client.protocols="TLSv1.1,TLSv1.2" system property?

0 Karma

passbt
Explorer

Right, so I upgraded to Java 1.7.95 and specified ‑Djdk.tls.client.protocols="TLSv1.1,TLSv1.2" located in the SPLUNK_HOME/apps/dbx/local/java.conf.

My full java.conf is below.

[java]
home = /usr/java/latest/
options = -Xmx1G -Dfile.encoding=UTF-8 -server -Duser.language=en -Duser.region= -Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols="TLSv1.1,TLSv1.2"

Logging settings

[logging]
level = DEBUG
file = dbx.log
console = false
logger.com.splunk.dbx = DEBUG

Get Updates on the Splunk Community!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...