Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

DB Connect Addon Integration Issue - Microsoft SQL Server 2012

kiranpanchavat1
Path Finder
‎02-24-2022 05:48 AM

Hello Team,

We are trying to integrate one of the SQL data base using the splunk db connect add-on and we are getting the below error.  Id MS SQL 2012 is compatible with the below db connect and splunkversions ?

Splunk DB Connect

Version: 3.5.1 Build: 4 Splunk Enterprise : 8.1.7.2

DB version is Microsoft SQL Server 2012

ERROR :

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Certificates do not conform to algorithm constraints". ClientConnectionId:xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Labels (1)
Labels
Tags (1)
Reply

andrew207
Path Finder
‎11-20-2022 07:25 PM

I have hit this problem too, and it's a bit awkward. Here's what I have learned:

- Even with encrypt=false in your JDBC URL, authentication still occurs over TLS.

- MSSQL 2014 uses 1024-bit keys by default

- Newer versions of JRE/JDK (not sure when it changed) specify minimum key lengths of 2048 for RSA

I am working to solve this by having the MSSQL team configure suitable certs signed by our PKI. As a temporary workaround you may be able to set this:

#$JAVA_HOME/lib/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, RSA keySize < 1024

Notably, we are changing the disabled RSA keySize to <1024, which would allow the 1024-bit keys used by default in MSSQL14 -- even when SSL is explicitely disabled in the JDBC URL.

Tags (1)
0 Karma
Reply

andrew207
Path Finder
‎11-22-2022 01:46 PM 
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, RSA keySize < 1024

Just as a followup, performing this change to allow RSA keysizes of 1024 bits worked fine and when combined with explicitly specifying encrypt=false in the JDBC URL we now have working connectivity. 

0 Karma
Reply

kiranpanchavat1
Path Finder
‎03-02-2022 11:15 PM

can anyone please provide an update on this ?

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...
Top