Solved: Re: curl (35) error Rest API

zackh123 · ‎10-22-2012

When I try to run this command in REST API

curl -k -vvv -u user:pass -d "search=savedsearch %22My%20Search%22" https://myserver:80/servicesNS/user/search/search/jobs/export

I get this error...

* About to connect() to myserver port 80 (#0)
*   Trying 1.1.1.1... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* Closing connection #0
curl: (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

I edited some fields for my privacy.

Does anyone know how to fix this? I'm rather new at Splunk and Rest API

Ayn · ‎10-22-2012

The first thing I react to when reading your question is that you're trying to connect to an SSL enabled service on port 80. This is not a very common setup - 80 is usually reserved for regular HTTP services.

Also, even if your Splunk instance's user web interface IS listening with SSL on port 80, the port you need to use for calling the REST API is the splunkd port, not the splunkweb port. The splunkd is by default 8089.

View solution in original post

o_calmels · ‎09-26-2017

Hi,

For next users geting this problem after upgrade to splunk 6.2 or later, Splunk now allow only tls v1.2 as ssl version (http://docs.splunk.com/Documentation/Splunk/6.6.3/Security/SetyourSSLversion).
I had rest api from a late curl program, and had to update curl.
Then the curl command must specify sslversion:

curl --tlsv1.2 -k -vvv -u user:pass -d "search=savedsearch %22My%20Search%22" https://myserver:80/servicesNS/user/search/search/jobs/export

Hope that helps.

Olivier.

Ayn · ‎10-22-2012

The first thing I react to when reading your question is that you're trying to connect to an SSL enabled service on port 80. This is not a very common setup - 80 is usually reserved for regular HTTP services.

Also, even if your Splunk instance's user web interface IS listening with SSL on port 80, the port you need to use for calling the REST API is the splunkd port, not the splunkweb port. The splunkd is by default 8089.

Ayn · ‎10-22-2012

How to do that in your specific setup is beyond my knowledge my friend 🙂 If you have access to the box and there's a local firewall on it blocking access to port 8089, then open a port there. If it's a matter of a firewall somewhere along the network path from your box to the Splunk server, you need to fix it there.

zackh123 · ‎10-22-2012

Hmm. How would I be able to fix a firewall problem if that is what's causing this?

Ayn · ‎10-22-2012

Sounds like firewall issues. I see that it is connecting on port 80, but like I said, unless you actually changed the splunkd port, port 80 is NOT the port you want to be connecting to.

zackh123 · ‎10-22-2012

But it is connecting to the server on port 80. When I switch it to 8089 it times out. Can you think of anything else?

zackh123 · ‎10-22-2012

Updated this with a different error. Does anyone know what "SSL3_GET_RECORD:wrong version number" means?

curl (35) error Rest API

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation