Splunk Enterprise Security

Splunk web is not accessible after installing ES 4.7, Socket error from x.x.x.x while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

saurabh_tek11
Communicator

i have installed ES 4.7 and it took long time to get installed (left it running last evening and this morning ES was up and running). pending restart. i restarted splunk but after that splunk web is not accessible.

same was happening when i tried installing ES 5(known issue) yesterday but then i removed that and fell back on more stable (IMO) ES4.7 version. Now my splunk web is not accessing on https any idea how to fix this

$INSTALL/var/log/splunk/splunkd.log says -

04-19-2018 10:08:03.390 +0400 WARN  HttpListener - Socket error from 10.1.23.202 while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

There are rw permissions to splunk (user) on /opt/splunk/etc/myinstall/splunkd.xml .

0 Karma
1 Solution

saurabh_tek11
Communicator

The intermediate WAF was the culprit.

View solution in original post

0 Karma

saurabh_tek11
Communicator

The intermediate WAF was the culprit.

0 Karma

burakcinar
Path Finder

what's your splunk version ?
it seems there are some known issues for SSL .

http://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/Knownissues

server.conf
http://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf?

sample server.conf

 [sslConfig]
 sslVersions = *,-ssl2
 sslVersionsForClient = *,-ssl2
 cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH
0 Karma

saurabh_tek11
Communicator

@burakcinar, The splunk version is splunk Enterprise 7.0.2 and ES version is 4.7
I have added your shared configs in my /system/local/server.conf and restarted splunk but that didnt bring the web accessible. Could you suggest something else.

0 Karma
Get Updates on the Splunk Community!

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...