Splunk Dev

How to resolve Java Bridge server not running after upgrade to Splunk 6.6.2?

hjaramillo
New Member

jbridge.log

2017-07-31 10:54:04,757 INFO Checking for obsolete java libraries in /opt/splunk/etc/apps/dbx/bin/lib
2017-07-31 10:54:04,765 INFO Started JavaBridgeServer PID=12366
2017-07-31 10:54:05,606 ERROR Java process returned error code 1! Error: Initializing Splunk context... Environment: SplunkEnvironment{SPLUNK_HOME=/opt/splunk,SPLUNK_DB=/opt/splunk/var/lib/splunk} Configuring Log4j... Exception in thread "main" com.splunk.config.SplunkConfigurationException: IO Error while reading configuration from Splunkd: javax.net.ssl.SSLException: Received fatal alert: protocol_version  at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:199)     at com.splunk.config.rest.RESTAdapter.readConfig(RESTAdapter.java:207)  at com.splunk.config.cache.CachedConfigurationAdapter.readConfig(CachedConfigurationAdapter.java:32)    at com.splunk.config.cache.CachedConfigurationAdapter.readStanza(CachedConfigurationAdapter.java:40)    at com.splunk.env.SplunkContext.getConfigStanza(SplunkContext.java:313)     at com.splunk.env.SplunkContext.initialize(SplunkContext.java:128)  at com.splunk.bridge.JavaBridgeServer.main(JavaBridgeServer.java:34) Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version  at sun.security.ssl.Alerts.getSSLException(Unknown Source)  at sun.security.ssl.Alerts.getSSLException(Unknown Source)  at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)   at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)    at com.splunk.rest.Splunkd.request(Splunkd.java:216)    at com.splunk.rest.Splunkd.request(Splunkd.java:102)    at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:197)     ... 6 more 
2017-07-31 10:54:05,606 ERROR Command output: None

Java Version: jre1.8.0_25

0 Karma
1 Solution

mvarga2
Explorer

For our environment, adding this to our [sslConfig] in server.conf and restarting Splunk resolved the issue:

sslVersionsForClient = tls,-tls1.0
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

View solution in original post

mvarga2
Explorer

For our environment, adding this to our [sslConfig] in server.conf and restarting Splunk resolved the issue:

sslVersionsForClient = tls,-tls1.0
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

hjaramillo
New Member

I did not function

Jbridge.log
2017-08-03 13:25:51,706 INFO Checking for obsolete java libraries in /opt/splunk/etc/apps/dbx/bin/lib
2017-08-03 13:25:51,714 INFO Started JavaBridgeServer PID=29547
2017-08-03 13:25:52,641 ERROR Java process returned error code 1! Error: Initializing Splunk context... Environment: SplunkEnvironment{SPLUNK_HOME=/opt/splunk,SPLUNK_DB=/opt/splunk/var/lib/splunk} Configuring Log4j... Exception in thread "main" com.splunk.config.SplunkConfigurationException: IO Error while reading configuration from Splunkd: javax.net.ssl.SSLException: Received fatal alert: protocol_version at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:199) at com.splunk.config.rest.RESTAdapter.readConfig(RESTAdapter.java:207) at com.splunk.config.cache.CachedConfigurationAdapter.readConfig(CachedConfigurationAdapter.java:32) at com.splunk.config.cache.CachedConfigurationAdapter.readStanza(CachedConfigurationAdapter.java:40) at com.splunk.env.SplunkContext.getConfigStanza(SplunkContext.java:313) at com.splunk.env.SplunkContext.initialize(SplunkContext.java:128) at com.splunk.bridge.JavaBridgeServer.main(JavaBridgeServer.java:34) Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) at com.splunk.rest.Splunkd.request(Splunkd.java:216) at com.splunk.rest.Splunkd.request(Splunkd.java:102) at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:197) ... 6 more
2017-08-03 13:25:52,641 ERROR Command output: None

sslConfig in server.conf :

sslVersionsForClient = tls, -tls1.0, tls1.2
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256-TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

0 Karma

mvarga2
Explorer

Here is my entire [sslConfig] Does yours contain the two sslKeysfilePassword and sslPassword?

sslKeysfilePassword = YourPassword
sslPassword = YourPassword
sslVersionsForClient = tls,-tls1.0
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

0 Karma

davebrooking
Contributor

What version of DB Connect are you trying to run?

Dave

0 Karma

mvarga2
Explorer

It works fine for me after I added the two lines stated above. I am running v1.1.7

0 Karma
Get Updates on the Splunk Community!

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

Sooooooooooo, guess what. .conf25 is almost here, and if you're on the Security Learning Path, this is your ...

First Steps with Splunk SOAR

Our first step was to gather a list of the playbooks we wanted and to sort them by priority.  Once this list ...

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

If you’ve read our previous post on self-service observability, you already know what it is and why it ...