Security
Highlighted

curl (35) error Rest API

Path Finder

When I try to run this command in REST API

curl -k -vvv -u user:pass -d "search=savedsearch %22My%20Search%22" https://myserver:80/servicesNS/user/search/search/jobs/export

I get this error...

* About to connect() to myserver port 80 (#0)
*   Trying 1.1.1.1... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* Closing connection #0
curl: (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

I edited some fields for my privacy.

Does anyone know how to fix this? I'm rather new at Splunk and Rest API

0 Karma
Highlighted

Re: curl (35) error Rest API

Path Finder

Updated this with a different error. Does anyone know what "SSL3GETRECORD:wrong version number" means?

0 Karma
Highlighted

Re: curl (35) error Rest API

Legend

The first thing I react to when reading your question is that you're trying to connect to an SSL enabled service on port 80. This is not a very common setup - 80 is usually reserved for regular HTTP services.

Also, even if your Splunk instance's user web interface IS listening with SSL on port 80, the port you need to use for calling the REST API is the splunkd port, not the splunkweb port. The splunkd is by default 8089.

View solution in original post

0 Karma
Highlighted

Re: curl (35) error Rest API

Path Finder

But it is connecting to the server on port 80. When I switch it to 8089 it times out. Can you think of anything else?

0 Karma
Highlighted

Re: curl (35) error Rest API

Legend

Sounds like firewall issues. I see that it is connecting on port 80, but like I said, unless you actually changed the splunkd port, port 80 is NOT the port you want to be connecting to.

0 Karma
Highlighted

Re: curl (35) error Rest API

Path Finder

Hmm. How would I be able to fix a firewall problem if that is what's causing this?

0 Karma
Highlighted

Re: curl (35) error Rest API

Legend

How to do that in your specific setup is beyond my knowledge my friend 🙂 If you have access to the box and there's a local firewall on it blocking access to port 8089, then open a port there. If it's a matter of a firewall somewhere along the network path from your box to the Splunk server, you need to fix it there.

0 Karma
Highlighted

Re: curl (35) error Rest API

Communicator

Hi,

For next users geting this problem after upgrade to splunk 6.2 or later, Splunk now allow only tls v1.2 as ssl version (http://docs.splunk.com/Documentation/Splunk/6.6.3/Security/SetyourSSLversion).
I had rest api from a late curl program, and had to update curl.
Then the curl command must specify sslversion:

curl --tlsv1.2 -k -vvv -u user:pass -d "search=savedsearch %22My%20Search%22" https://myserver:80/servicesNS/user/search/search/jobs/export

Hope that helps.

Olivier.

0 Karma