Security

Splunk 7.0.0 management port 8089 - SSL handshake failed

dhavamanis
Builder

After upgrade from Splunk version 6.5.3 to 7.0 management port 8089 - SSL handshake failed through curl or wget. but it works through browser, Can you help us how to access over wget /curl,

[splunk@splunk01 tmp]$ wget --no-check-certificate https://myhostname:8089 --debug
DEBUG output created by Wget 1.11.4 Red Hat modified on linux-gnu.

--2017-10-24 17:41:40-- https://myhostname:8089/
Connecting to myhostname:8089... connected.
Created socket 3.
Releasing 0x000000000b74f1a0 (new refcount 0).
Deleting unused 0x000000000b74f1a0.
Initiating SSL handshake.
SSL handshake failed.
Closed fd 3
Unable to establish SSL connection.
[splunk@splunk01 tmp]$

0 Karma
1 Solution

dhavamanis
Builder

This Splunk known issue (SPL-141961) upgrading to version 6.6 or later. as per workaround after adding the below config in server.conf and its started working.

http://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/KnownIssues#Upgrade_issues

[sslConfig]
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

View solution in original post

dhavamanis
Builder

This Splunk known issue (SPL-141961) upgrading to version 6.6 or later. as per workaround after adding the below config in server.conf and its started working.

http://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/KnownIssues#Upgrade_issues

[sslConfig]
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

masonmorales
Influencer

If you check the _internal index on the server side, do you see any errors related to the connection?

0 Karma

dhavamanis
Builder

yes, getting this error in the splunkd.log while accessing this over curl/wget,

10-24-2017 19:48:59.486 -0400 WARN HttpListener - Socket error from xxx.yyy.zzz.abc while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...