Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Received fatal SSL3 alert
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am unable to connect to my Indexer ClusterMaster on Cloud on Port 8000.
On checking splunkd.log, i can observe some WARN messages as below.
Not sure if this is related.
03-01-2017 07:26:47.474 -0500 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client key exchange A', alert_description='unknown CA'.
03-01-2017 07:26:47.474 -0500 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
03-01-2017 07:26:47.475 -0500 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client key exchange A', alert_description='unknown CA'.
03-01-2017 07:26:47.475 -0500 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
03-01-2017 07:26:47.475 -0500 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client key exchange A', alert_description='unknown CA'.
03-01-2017 07:26:47.475 -0500 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This occurred due to the network peripherals failing when trying to communicate to the AWS Instances.
The data from our infrastructure to AWS was being sent in size (2 TBs per day) that the peripheral cannot tolerate the traffic any longer and ended up fluctuating and rebooting the devices.
The N/W team then maximized the data that can be sent across and that fixed the issue.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This occurred due to the network peripherals failing when trying to communicate to the AWS Instances.
The data from our infrastructure to AWS was being sent in size (2 TBs per day) that the peripheral cannot tolerate the traffic any longer and ended up fluctuating and rebooting the devices.
The N/W team then maximized the data that can be sent across and that fixed the issue.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Were you able to resolve this? I'm seeing it in one of my environments too.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@napomokoetle
Please check whether the connectivity between the instances is normal.
In my case, the connectivity was majorly impacted due from the N/W end.
Once that was resolved, the issue subsided.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Even though I'm getting these ssl errors on the Splunk proxy, it seems the data collections from the Splunk Universal Forwarder agents are still happening successfully.
Also, I see that the SSL3 errors only started after I upgraded the Splunk servers to v6.6. Any one know how to eradicate these ssl3 errors.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@napomokoetle
Please open a new "question" and post it there for users to look into it and respond.
Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps
What’s New in Splunk Observability – September 2025
Fun with Regular Expression - multiples of nine
