Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: DB Connect Addon Integration Issue - Microsof...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DB Connect Addon Integration Issue - Microsoft SQL Server 2012
kiranpanchavat1
Path Finder
02-24-2022
05:48 AM
Hello Team,
We are trying to integrate one of the SQL data base using the splunk db connect add-on and we are getting the below error. Id MS SQL 2012 is compatible with the below db connect and splunkversions ?
Splunk DB Connect
Version: 3.5.1 Build: 4 Splunk Enterprise : 8.1.7.2
DB version is Microsoft SQL Server 2012
ERROR :
The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Certificates do not conform to algorithm constraints". ClientConnectionId:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
andrew207
Path Finder
11-20-2022
07:25 PM
I have hit this problem too, and it's a bit awkward. Here's what I have learned:
- Even with encrypt=false in your JDBC URL, authentication still occurs over TLS.
- MSSQL 2014 uses 1024-bit keys by default
- Newer versions of JRE/JDK (not sure when it changed) specify minimum key lengths of 2048 for RSA
I am working to solve this by having the MSSQL team configure suitable certs signed by our PKI. As a temporary workaround you may be able to set this:
#$JAVA_HOME/lib/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, RSA keySize < 1024
Notably, we are changing the disabled RSA keySize to <1024, which would allow the 1024-bit keys used by default in MSSQL14 -- even when SSL is explicitely disabled in the JDBC URL.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
andrew207
Path Finder
11-22-2022
01:46 PM
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, RSA keySize < 1024
Just as a followup, performing this change to allow RSA keysizes of 1024 bits worked fine and when combined with explicitly specifying encrypt=false in the JDBC URL we now have working connectivity.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kiranpanchavat1
Path Finder
03-02-2022
11:15 PM
can anyone please provide an update on this ?
Get Updates on the Splunk Community!
.conf25 Registration is OPEN!
Ready. Set. Splunk!
Your favorite Splunk user event is back and better than ever. Get ready for more technical ...
Detecting Cross-Channel Fraud with Splunk
This article is the final installment in our three-part series exploring fraud detection techniques using ...
Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside
Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
