Security

curl (35) error Rest API

zackh123
Path Finder

When I try to run this command in REST API

curl -k -vvv -u user:pass -d "search=savedsearch %22My%20Search%22" https://myserver:80/servicesNS/user/search/search/jobs/export

I get this error...

* About to connect() to myserver port 80 (#0)
*   Trying 1.1.1.1... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* Closing connection #0
curl: (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

I edited some fields for my privacy.

Does anyone know how to fix this? I'm rather new at Splunk and Rest API

0 Karma
1 Solution

Ayn
Legend

The first thing I react to when reading your question is that you're trying to connect to an SSL enabled service on port 80. This is not a very common setup - 80 is usually reserved for regular HTTP services.

Also, even if your Splunk instance's user web interface IS listening with SSL on port 80, the port you need to use for calling the REST API is the splunkd port, not the splunkweb port. The splunkd is by default 8089.

View solution in original post

0 Karma

o_calmels
Communicator

Hi,

For next users geting this problem after upgrade to splunk 6.2 or later, Splunk now allow only tls v1.2 as ssl version (http://docs.splunk.com/Documentation/Splunk/6.6.3/Security/SetyourSSLversion).
I had rest api from a late curl program, and had to update curl.
Then the curl command must specify sslversion:

curl --tlsv1.2 -k -vvv -u user:pass -d "search=savedsearch %22My%20Search%22" https://myserver:80/servicesNS/user/search/search/jobs/export

Hope that helps.

Olivier.

0 Karma

Ayn
Legend

The first thing I react to when reading your question is that you're trying to connect to an SSL enabled service on port 80. This is not a very common setup - 80 is usually reserved for regular HTTP services.

Also, even if your Splunk instance's user web interface IS listening with SSL on port 80, the port you need to use for calling the REST API is the splunkd port, not the splunkweb port. The splunkd is by default 8089.

0 Karma

Ayn
Legend

How to do that in your specific setup is beyond my knowledge my friend 🙂 If you have access to the box and there's a local firewall on it blocking access to port 8089, then open a port there. If it's a matter of a firewall somewhere along the network path from your box to the Splunk server, you need to fix it there.

0 Karma

zackh123
Path Finder

Hmm. How would I be able to fix a firewall problem if that is what's causing this?

0 Karma

Ayn
Legend

Sounds like firewall issues. I see that it is connecting on port 80, but like I said, unless you actually changed the splunkd port, port 80 is NOT the port you want to be connecting to.

0 Karma

zackh123
Path Finder

But it is connecting to the server on port 80. When I switch it to 8089 it times out. Can you think of anything else?

0 Karma

zackh123
Path Finder

Updated this with a different error. Does anyone know what "SSL3_GET_RECORD:wrong version number" means?

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...