Developing for Splunk Enterprise
Highlighted

"No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" when connecting to Splunk Enterprise

Communicator

Hi all,

I've been doing some testing on my local machine prior to going to any test or live Splunk environments, but, for some reason, it's started throwing exceptions when trying to connect from Eclipse to my localhost:8089 Splunk instance. This previously worked and I've changed no config, so I'm not really sure what's happened.

Was previously using 6.1.3, but upgraded to 6.2.1 and am experiencing the same issues. The Splunk connection code in my java app hasn't changed in over a month, so I'm at a bit of a loss. What's more is the current version of this code is in production and connects to local lightweight forwarders without any issues.

Exception below:
2015/01/23 15:11:42 INFO com.companyname.perfmonreader.splunk.SplunkConnectHandler - Setting up Splunk connection service
Exception in thread "Thread-0" java.lang.RuntimeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at com.splunk.HttpService.send(HttpService.java:345)
at com.splunk.Service.send(Service.java:1268)
at com.splunk.HttpService.post(HttpService.java:243)
at com.splunk.Service.login(Service.java:1099)
at com.splunk.Service.login(Service.java:1079)
at com.splunk.Service.connect(Service.java:183)
at com.companyname.perfmonreader.splunk.SplunkConnectHandler.run(SplunkConnectHandler.java:20)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Unknown Source)
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
at com.splunk.HttpService.send(HttpService.java:338)
... 7 more

The code being used is as follows (simplified for readability):
loginArgs.setUsername(splunkProps.getProperty("username"));
loginArgs.setPassword(splunkProps.getProperty("password"));
loginArgs.setPort(Integer.parseInt(splunkProps.getProperty("port")));
loginArgs.setHost(InetAddress.getLocalHost().getHostName());
SplunkServiceHandler.setService(Service.connect(loginArgs));

Any help would be greatly appreciated!

Cheers,
Alex

Tags (1)
Highlighted

Re: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" when connecting to Splunk Enterprise

Engager

Hi Alex,

Splunk needs to release a new jar without SSLv3 hardwired (in HttpService.java) in order to make this work with the latest Java 8. Meanwhile you need to stick with Java 7 or build your own jar from the SDK package and use SSLv2 instead.

View solution in original post

Highlighted

Re: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" when connecting to Splunk Enterprise

Communicator

Ah that was daft of me. I had updated Java a week before to 8u31 (previously 8u25, I think) and this broke it. Tried recompiling with different SSL, but just ended up rolling back Java.

Many thanks!

0 Karma
Highlighted

Re: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" when connecting to Splunk Enterprise

Explorer

Now SSLv3 is disabled by default in updated versions of JDK.
As alternative you can update the /lib/security/java.security file and comment the line #jdk.tls.disabledAlgorithms=SSLv3
Same issue and Worked here.

Highlighted

Re: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" when connecting to Splunk Enterprise

Splunk Employee
Splunk Employee

You can recompile the jar after editing the HttpService.java to assign the appropriate SSLContext if SSLv3 is not appropriate:

--- /splunk/src/splunk-sdk-java/splunk-sdk-java-1.3.1/splunk/com/splunk/HttpService.java 2014-08-21 14:07:12.000000000 -0400 
+++ /splunk/src/splunk-sdk-java/patch/splunk/com/splunk/HttpService.java 2014-12-16 00:12:59.655857080 -0500 
@@ -397,7 +397,7 @@ 
} 
}; 
try { 
- SSLContext context = SSLContext.getInstance("SSL"); 
+ SSLContext context = SSLContext.getInstance("TLSv1.2"); 
context.init(null, trustAll, new java.security.SecureRandom()); 
return new SSLv3SocketFactory(context.getSocketFactory()); 
} catch (Exception e) { 
@@ -408,7 +408,7 @@ 
private static final class SSLv3SocketFactory extends SSLSocketFactory { 
private final SSLSocketFactory delegate; 

- public static final String[] PROTOCOLS = {"SSLv3"}; 
+ public static final String[] PROTOCOLS = {"TLSv1.2"}; 

private SSLv3SocketFactory(SSLSocketFactory delegate) { 
this.delegate = delegate;

Reference:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext

Highlighted

Re: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" when connecting to Splunk Enterprise

Explorer

Now SSLv3 is disabled by default in updated versions of JDK.
As alternative you can update the /lib/security/java.security file and comment the line #jdk.tls.disabledAlgorithms=SSLv3
Same issue and Worked here.

Highlighted

Re: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" when connecting to Splunk Enterprise

Path Finder

Just figured this out myself.

Long morning of rolling back packages to figure this out.

Highlighted

Re: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" when connecting to Splunk Enterprise

Engager

This works

0 Karma
Highlighted

Re: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" when connecting to Splunk Enterprise

Engager

Worked for me, thanks!

0 Karma
Highlighted

Re: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" when connecting to Splunk Enterprise

Engager

This a comment but not an answer. I have downloaded the latest Splunk and SDK but I continue to get the : "No appropriate protocol" error. On previous versions I commented the "#jdk.tls.disabledAlgorithms=SSLv3" line in java.security and that worked. But with the latest versions (downloaded today) I cannot query Splunk from my Java app. I looked in the code and the SDK still uses SSLv3 in HttpService.java. Any other suggestions? Are their any other security flags that could be set to stop SSLv3?

0 Karma