Getting Data In

Why deployment-server can't display app of UF by handshake failure?

Builder

UF : 6.4.5
Deployment-server : 6.6.11

If I execute this in UF, it is no problem.

/opt/splunkforwarder/bin/splunk display app -uri https://<deployment-server's ip address>:8089 -auth <user>:<pw>

But if I execute this in deployment-server, below error is displayed.

/opt/splunk/bin/splunk display app -uri https://<UF's ip address>:8089 -auth <user>:<pw>

Error message : 
Couldn't complete HTTP request: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I thought it is ssl issue, so I configured server.conf in deployment-server like below, but it is still not working...

[sslConfig]
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

https://docs.splunk.com/Documentation/Splunk/6.6.11/ReleaseNotes/KnownIssues
https://docs.splunk.com/Documentation/Forwarder/6.6.11/Forwarder/Compatibilitybetweenforwardersandin...

How can I solve it?
Please someone help me.

1 Solution

Builder

I can avoid it by configured below settings in etc/system/local/web.conf.

[settings]
sslVersions = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

View solution in original post

Builder

I can avoid it by configured below settings in etc/system/local/web.conf.

[settings]
sslVersions = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

View solution in original post

SplunkTrust
SplunkTrust

Hi,

After modifying server.conf, have you restarted splunk on Deployment server ?

0 Karma

Builder

Thank you for comment!

Yes, I did.
Thanks to changes made to server.conf, UF is visible on forwarder management screen.

However, an error still occurs in the CLI...

0 Karma