Splunk Dev

How to resolve Java Bridge server not running after upgrade to Splunk 6.6.2?

hjaramillo
New Member

jbridge.log

2017-07-31 10:54:04,757 INFO Checking for obsolete java libraries in /opt/splunk/etc/apps/dbx/bin/lib
2017-07-31 10:54:04,765 INFO Started JavaBridgeServer PID=12366
2017-07-31 10:54:05,606 ERROR Java process returned error code 1! Error: Initializing Splunk context... Environment: SplunkEnvironment{SPLUNK_HOME=/opt/splunk,SPLUNK_DB=/opt/splunk/var/lib/splunk} Configuring Log4j... Exception in thread "main" com.splunk.config.SplunkConfigurationException: IO Error while reading configuration from Splunkd: javax.net.ssl.SSLException: Received fatal alert: protocol_version  at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:199)     at com.splunk.config.rest.RESTAdapter.readConfig(RESTAdapter.java:207)  at com.splunk.config.cache.CachedConfigurationAdapter.readConfig(CachedConfigurationAdapter.java:32)    at com.splunk.config.cache.CachedConfigurationAdapter.readStanza(CachedConfigurationAdapter.java:40)    at com.splunk.env.SplunkContext.getConfigStanza(SplunkContext.java:313)     at com.splunk.env.SplunkContext.initialize(SplunkContext.java:128)  at com.splunk.bridge.JavaBridgeServer.main(JavaBridgeServer.java:34) Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version  at sun.security.ssl.Alerts.getSSLException(Unknown Source)  at sun.security.ssl.Alerts.getSSLException(Unknown Source)  at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)   at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)    at com.splunk.rest.Splunkd.request(Splunkd.java:216)    at com.splunk.rest.Splunkd.request(Splunkd.java:102)    at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:197)     ... 6 more 
2017-07-31 10:54:05,606 ERROR Command output: None

Java Version: jre1.8.0_25

0 Karma
1 Solution

mvarga2
Explorer

For our environment, adding this to our [sslConfig] in server.conf and restarting Splunk resolved the issue:

sslVersionsForClient = tls,-tls1.0
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

View solution in original post

mvarga2
Explorer

For our environment, adding this to our [sslConfig] in server.conf and restarting Splunk resolved the issue:

sslVersionsForClient = tls,-tls1.0
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

hjaramillo
New Member

I did not function

Jbridge.log
2017-08-03 13:25:51,706 INFO Checking for obsolete java libraries in /opt/splunk/etc/apps/dbx/bin/lib
2017-08-03 13:25:51,714 INFO Started JavaBridgeServer PID=29547
2017-08-03 13:25:52,641 ERROR Java process returned error code 1! Error: Initializing Splunk context... Environment: SplunkEnvironment{SPLUNK_HOME=/opt/splunk,SPLUNK_DB=/opt/splunk/var/lib/splunk} Configuring Log4j... Exception in thread "main" com.splunk.config.SplunkConfigurationException: IO Error while reading configuration from Splunkd: javax.net.ssl.SSLException: Received fatal alert: protocol_version at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:199) at com.splunk.config.rest.RESTAdapter.readConfig(RESTAdapter.java:207) at com.splunk.config.cache.CachedConfigurationAdapter.readConfig(CachedConfigurationAdapter.java:32) at com.splunk.config.cache.CachedConfigurationAdapter.readStanza(CachedConfigurationAdapter.java:40) at com.splunk.env.SplunkContext.getConfigStanza(SplunkContext.java:313) at com.splunk.env.SplunkContext.initialize(SplunkContext.java:128) at com.splunk.bridge.JavaBridgeServer.main(JavaBridgeServer.java:34) Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) at com.splunk.rest.Splunkd.request(Splunkd.java:216) at com.splunk.rest.Splunkd.request(Splunkd.java:102) at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:197) ... 6 more
2017-08-03 13:25:52,641 ERROR Command output: None

sslConfig in server.conf :

sslVersionsForClient = tls, -tls1.0, tls1.2
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256-TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

0 Karma

mvarga2
Explorer

Here is my entire [sslConfig] Does yours contain the two sslKeysfilePassword and sslPassword?

sslKeysfilePassword = YourPassword
sslPassword = YourPassword
sslVersionsForClient = tls,-tls1.0
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

0 Karma

davebrooking
Contributor

What version of DB Connect are you trying to run?

Dave

0 Karma

mvarga2
Explorer

It works fine for me after I added the two lines stated above. I am running v1.1.7

0 Karma
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...