How to configure Splunk DB Connect 1 to support TLS encryption?

splunkIT
Splunk Employee

I am using DBX v1, and would like to take advantage of splunkd using TLS 1.2 (this is in [sslconfig] for server.conf):

## ./etc/system/local/server.conf:
[sslconfig]
sslVersions = tls1.2

But when I do, the jbridge won't start; this is what I found in the jbridge.log:

2015-11-12 10:25:22,786 ERROR Java process returned error code 1! Error: Initializing Splunk context...
Environment: SplunkEnvironment{SPLUNK_HOME=/opt/splunk,SPLUNK_DB=/opt/splunk/var/lib/splunk}
Configuring Log4j...
Exception in thread "main" com.splunk.config.SplunkConfigurationException: IO Error while reading configuration from Splunkd: javax.net.ssl.SSLException: Received fatal alert: protocol_version
    at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:199)
    at com.splunk.config.rest.RESTAdapter.readConfig(RESTAdapter.java:207)
    at com.splunk.config.cache.CachedConfigurationAdapter.readConfig(CachedConfigurationAdapter.java:32)
    at com.splunk.config.cache.CachedConfigurationAdapter.readStanza(CachedConfigurationAdapter.java:40)
    at com.splunk.env.SplunkContext.getConfigStanza(SplunkContext.java:313)
    at com.splunk.env.SplunkContext.initialize(SplunkContext.java:128)
    at com.splunk.bridge.JavaBridgeServer.main(JavaBridgeServer.java:34)
Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
    at com.splunk.rest.Splunkd.request(Splunkd.java:216)
    at com.splunk.rest.Splunkd.request(Splunkd.java:102)
    at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:197)
    ... 6 more
2015-11-12 10:25:22,787 ERROR Command output: None
1 Solution

lagnone_splunk
Splunk Employee

Assuming you're using Oracle's JRE/JDK 7, you will find that TLSv1.2 support is not enabled by default.
To add TLS functionality, simply add any combination of this flag into the JVM command line options on the DBX setup page:
-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2

splunkIT
Splunk Employee

Thanks @Lagnone. That worked for me. I am on Java 7. Curious to know if these params are needed for Java 8 as well.

0 Karma

lagnone_splunk
Splunk Employee

You should not need these on Java 8

0 Karma

peter_krammer
Communicator

We had the same issue with Oracle Java 1.8.0_66.
But the Solution worked here too.

0 Karma
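
To check which TLS versions a given JVM will offer over HttpsURLConnection (the client stack in the jbridge.log trace above), with or without the https.protocols flag from the accepted answer, a small diagnostic can be run with the same Java binary DB Connect uses. This is an added example, not code from the thread or from Splunk; the class name HttpsProtocolCheck is made up for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example (hypothetical class name). Written without Java 8 features
// so it compiles and runs on the Java 7 runtime discussed in the thread.
public class HttpsProtocolCheck {

    // Protocols HttpsURLConnection is expected to offer: the https.protocols
    // list when the property is set, otherwise the JVM's client defaults.
    // Names this JVM does not support are dropped here with a warning.
    static List<String> effectiveProtocols(String httpsProtocols,
                                           String[] jvmDefaults, String[] jvmSupported) {
        if (httpsProtocols == null || httpsProtocols.trim().isEmpty()) {
            return Arrays.asList(jvmDefaults);
        }
        List<String> supported = Arrays.asList(jvmSupported);
        List<String> result = new ArrayList<String>();
        for (String p : httpsProtocols.split(",")) {
            String name = p.trim();
            if (supported.contains(name)) {
                result.add(name);
            } else if (!name.isEmpty()) {
                System.err.println("WARN: " + name + " is not supported by this JVM");
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters defaults = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        String prop = System.getProperty("https.protocols");

        List<String> offered = effectiveProtocols(
                prop, defaults.getProtocols(), supported.getProtocols());
        System.out.println("java.version    = " + System.getProperty("java.version"));
        System.out.println("https.protocols = " + prop);
        System.out.println("JVM defaults    = " + Arrays.toString(defaults.getProtocols()));
        System.out.println("offered         = " + offered);

        // splunkd with sslVersions = tls1.2 only accepts a client that offers TLSv1.2.
        boolean ok = offered.contains("TLSv1.2");
        System.out.println(ok ? "OK: TLSv1.2 will be offered"
                              : "FAIL: TLSv1.2 not offered; expect protocol_version alert");
        System.exit(ok ? 0 : 1);
    }
}
```

Run it once as `java HttpsProtocolCheck` and once as `java -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 HttpsProtocolCheck` to compare the JVM defaults with the effect of the flag.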