Solved: Re: Received fatal SSL3 alert

vr2312 · ‎03-01-2017

I am unable to connect to my Indexer ClusterMaster on Cloud on Port 8000.

On checking splunkd.log, i can observe some WARN messages as below.

Not sure if this is related.

03-01-2017 07:26:47.474 -0500 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client key exchange A', alert_description='unknown CA'.
03-01-2017 07:26:47.474 -0500 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
03-01-2017 07:26:47.475 -0500 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client key exchange A', alert_description='unknown CA'.
03-01-2017 07:26:47.475 -0500 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
03-01-2017 07:26:47.475 -0500 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client key exchange A', alert_description='unknown CA'.
03-01-2017 07:26:47.475 -0500 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca

vr2312 · ‎05-24-2017

This occurred due to the network peripherals failing when trying to communicate to the AWS Instances.

The data from our infrastructure to AWS was being sent in size (2 TBs per day) that the peripheral cannot tolerate the traffic any longer and ended up fluctuating and rebooting the devices.

The N/W team then maximized the data that can be sent across and that fixed the issue.

View solution in original post

vr2312 · ‎05-24-2017

This occurred due to the network peripherals failing when trying to communicate to the AWS Instances.

The data from our infrastructure to AWS was being sent in size (2 TBs per day) that the peripheral cannot tolerate the traffic any longer and ended up fluctuating and rebooting the devices.

The N/W team then maximized the data that can be sent across and that fixed the issue.

napomokoetle · ‎05-24-2017

Were you able to resolve this? I'm seeing it in one of my environments too.

vr2312 · ‎05-24-2017

@napomokoetle

Please check whether the connectivity between the instances is normal.

In my case, the connectivity was majorly impacted due from the N/W end.

Once that was resolved, the issue subsided.

napomokoetle · ‎05-24-2017

Even though I'm getting these ssl errors on the Splunk proxy, it seems the data collections from the Splunk Universal Forwarder agents are still happening successfully.
Also, I see that the SSL3 errors only started after I upgraded the Splunk servers to v6.6. Any one know how to eradicate these ssl3 errors.

vr2312 · ‎05-25-2017

@napomokoetle

Please open a new "question" and post it there for users to look into it and respond.

Received fatal SSL3 alert

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation