Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

DB Connect Addon Integration Issue - Microsoft SQL Server 2012

kiranpanchavat1
Path Finder
‎02-24-2022 05:48 AM

Hello Team,

We are trying to integrate one of the SQL data base using the splunk db connect add-on and we are getting the below error.  Id MS SQL 2012 is compatible with the below db connect and splunkversions ?

Splunk DB Connect

Version: 3.5.1 Build: 4 Splunk Enterprise : 8.1.7.2

DB version is Microsoft SQL Server 2012

ERROR :

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Certificates do not conform to algorithm constraints". ClientConnectionId:xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Labels (1)
Labels
Tags (1)
Reply

andrew207
Path Finder
‎11-20-2022 07:25 PM

I have hit this problem too, and it's a bit awkward. Here's what I have learned:

- Even with encrypt=false in your JDBC URL, authentication still occurs over TLS.

- MSSQL 2014 uses 1024-bit keys by default

- Newer versions of JRE/JDK (not sure when it changed) specify minimum key lengths of 2048 for RSA

I am working to solve this by having the MSSQL team configure suitable certs signed by our PKI. As a temporary workaround you may be able to set this:

#$JAVA_HOME/lib/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, RSA keySize < 1024

Notably, we are changing the disabled RSA keySize to <1024, which would allow the 1024-bit keys used by default in MSSQL14 -- even when SSL is explicitely disabled in the JDBC URL.

Tags (1)
0 Karma
Reply

andrew207
Path Finder
‎11-22-2022 01:46 PM 
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, RSA keySize < 1024

Just as a followup, performing this change to allow RSA keysizes of 1024 bits worked fine and when combined with explicitly specifying encrypt=false in the JDBC URL we now have working connectivity. 

0 Karma
Reply

kiranpanchavat1
Path Finder
‎03-02-2022 11:15 PM

can anyone please provide an update on this ?

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...