Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk web is not accessible after installing ES 4.7, Socket error from x.x.x.x while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

saurabh_tek11
Communicator
‎04-18-2018 11:40 PM

i have installed ES 4.7 and it took long time to get installed (left it running last evening and this morning ES was up and running). pending restart. i restarted splunk but after that splunk web is not accessible.

same was happening when i tried installing ES 5(known issue) yesterday but then i removed that and fell back on more stable (IMO) ES4.7 version. Now my splunk web is not accessing on https any idea how to fix this

$INSTALL/var/log/splunk/splunkd.log says - 

04-19-2018 10:08:03.390 +0400 WARN  HttpListener - Socket error from 10.1.23.202 while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

There are rw permissions to splunk (user) on /opt/splunk/etc/myinstall/splunkd.xml .

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

saurabh_tek11
Communicator
‎04-19-2018 06:08 AM

The intermediate WAF was the culprit.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

saurabh_tek11
Communicator
‎04-19-2018 06:08 AM

The intermediate WAF was the culprit.

0 Karma
Reply
Solved! Jump to solution

burakcinar
Path Finder
‎04-18-2018 11:49 PM

what's your splunk version ?
it seems there are some known issues for SSL .

http://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/Knownissues

server.conf
http://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf?

sample server.conf

 [sslConfig]
 sslVersions = *,-ssl2
 sslVersionsForClient = *,-ssl2
 cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH
0 Karma
Reply
Solved! Jump to solution

saurabh_tek11
Communicator
‎04-19-2018 12:23 AM

@burakcinar, The splunk version is splunk Enterprise 7.0.2 and ES version is 4.7
I have added your shared configs in my /system/local/server.conf and restarted splunk but that didnt bring the web accessible. Could you suggest something else.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...