ERROR TcpInputFd - SSL Error - what does it mean?

Mick · ‎01-22-2010

I have a lot of these ERROR messages in the splunkd.log on my indexing instance, what is it trying to tell me?

A snippet of the log says -

01-22-2010 15:21:24.544 ERROR TcpInputFd - SSL Error = error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request 
01-22-2010 15:21:24.544 ERROR TcpInputFd - ACCEPT_RESULT=-1 VERIFY_RESULT=0 
01-22-2010 15:21:24.544 ERROR TcpInputFd - SSL Error for fd from HOST:<hostName>, IP:<Ip_Address>, PORT:<port#>

Strype · ‎05-03-2013

Retina Scan... That's what's causing mine. Check any vulnerability scan times against the error time.

Chris_R_ · ‎01-22-2010

You will see this error if SSL is enabled on the indexer but not configured to forward w/ssl attempting to make the connections.

To enable SSL forwarding please see this document for details. http://www.splunk.com/base/Documentation/4.0.8/Admin/UseSSLencryptionbetweenforwardersandreceivers

Lowell · ‎04-13-2010

I have no SSL forwarding or receiving setup and I'm still seeing similar error messages.

V_at_Splunk · ‎01-22-2010

How do I get rid of this error message -- for now at least? (I've filed a bug on this, since ERROR message should only be result of an error condition.)

ERROR TcpInputFd - SSL Error - what does it mean?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!