Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can we disable SSL between SH and peers?

kwchang_splunk
Splunk Employee
Splunk Employee
‎07-15-2013 12:33 AM

Dear experts?

When deploying cluster, can we disable SSL between peers and search head?
My customer's SH connects to peers over WAN, so the network bandwidth is not enough. All searches take several seconds before they display the results. Currently dispatch.createProviderQueue is 3~5 seconds.
I'd like to check whether disabling SSL can help this situation by skipping time for SSL handshaking.

Thank you.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Drainy
Champion
‎07-15-2013 12:37 AM

Splunkd runs over SSL by default, so any communication will also be SSL. This isn't something you could disable just for that function as it would require splunkd to bind to another port.

Instead in server.conf you could disable SSL for Splunkd communication. This is probably a bad idea and personally in this case I would suggest that running this setup over a WAN isn't a great idea if you want to improve performance.

http://docs.splunk.com/Documentation/Splunk/5.0.3/admin/Serverconf

Other ways to spin it could be to setup local indexers and have the data forwarded over the WAN between them, not ideal and not the cheapest method but.. it could possibly improve performance at the expense of the speed at which data becomes available to search.

View solution in original post

Reply
Solved! Jump to solution
Solution

Drainy
Champion
‎07-15-2013 12:37 AM

Splunkd runs over SSL by default, so any communication will also be SSL. This isn't something you could disable just for that function as it would require splunkd to bind to another port.

Instead in server.conf you could disable SSL for Splunkd communication. This is probably a bad idea and personally in this case I would suggest that running this setup over a WAN isn't a great idea if you want to improve performance.

http://docs.splunk.com/Documentation/Splunk/5.0.3/admin/Serverconf

Other ways to spin it could be to setup local indexers and have the data forwarded over the WAN between them, not ideal and not the cheapest method but.. it could possibly improve performance at the expense of the speed at which data becomes available to search.

Reply
Solved! Jump to solution

kwchang_splunk
Splunk Employee
Splunk Employee
‎07-17-2013 06:55 PM

SSL is turned off, but nodes are still trying to negotiate using PK. Can we turn off this behavior?

07-18-2013 10:35:44.191 +0900 ERROR NetUtils - Unable to negotiate ssl connection: error=1, Undefined error: 0
07-18-2013 10:35:44.191 +0900 ERROR NetUtils - SSL Error = error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
07-18-2013 10:35:44.191 +0900 WARN DistributedPeerManager - Send failure while pushing PK to search peer = https://xxx.xxx:8093, rv = 2 , http request to peer with uri=https://xxx.xxx:8093 returned an error. Check if the peer is up.

0 Karma
Reply
Solved! Jump to solution

kwchang_splunk
Splunk Employee
Splunk Employee
‎07-16-2013 04:18 PM

That was the problem!
Thank you. Now it works.

0 Karma
Reply
Solved! Jump to solution

Drainy
Champion
‎07-15-2013 02:22 AM

Presumably you've restarted them too? Did you also update any related URIs you've used for the license server, peer config etc to HTTP instead of HTTPS?

Reply
Solved! Jump to solution

kwchang_splunk
Splunk Employee
Splunk Employee
‎07-15-2013 02:02 AM

I also disabled 'enableSplunkdSSL' in all peers. But it doesn't work.

0 Karma
Reply
Solved! Jump to solution

Drainy
Champion
‎07-15-2013 01:45 AM

That sounds like enableSplunkdSSL is still enabled on the client?

0 Karma
Reply
Solved! Jump to solution

kwchang_splunk
Splunk Employee
Splunk Employee
‎07-15-2013 01:37 AM

But.. there were so many errors in splunkd.log.
In master's splunkd.log :
07-15-2013 17:11:39.970 +0900 ERROR HTTPServer - Incomplete request="<80>V^A^C^A^@-^@^@^@ ...

In peers's splunkd.log :
07-15-2013 17:12:10.785 +0900 ERROR NetUtils - Unable to negotiate ssl connection: error=1, Undefined error: 0
07-15-2013 17:12:10.785 +0900 ERROR NetUtils - SSL Error = error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
07-15-2013 17:12:10.785 +0900 ERROR HTTPClient - Should have gotten at least 3 tokens in status line, while getting response code. Only got 0.
...

0 Karma
Reply
Solved! Jump to solution

Drainy
Champion
‎07-15-2013 01:31 AM

Well I would expect it is the same setting on the client. Remember, this is just telling splunkd to use SSL or not, its regardless of its configuration as a server or client. Just the way it communicates, that would be my assumption anyway.

0 Karma
Reply
Solved! Jump to solution

kwchang_splunk
Splunk Employee
Splunk Employee
‎07-15-2013 01:17 AM

Thank you for your comment.
I agree. I don't think this is a good idea. But I'm just trying this for testing. 🙂

I could turn off SSL of splunkd process using enableSplunkdSSL =false in server.conf
But I cannot find client side config for turning off SSL. I tried several parameters including useClientSSLCompression, useSplunkdClientSSLCompression but not successful so far.

Any idea?

Thank you in advance.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...