Splunk Enterprise
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Email - Security - Enable TLS not working

deckemha
Explorer
‎07-07-2020 01:02 AM

Hello all,

I've a problem in Splunk Enterprise 7.3 when I want to Enable TLS for Mail delivery.

Problem:

When I activate email security to TLS (Server settings -> Email settings -> Enable TLS) the email delivery is not working anymore.

The SMTP server connection is working (server:port is provided) when I set Email Security to "none".

The logs on the SMTP server have the following error:

smtpd[252494]: SSL_accept error from <splunk_server> [xx.xxx.xx.xxx]: -1
smtpd[252494]: warning: TLS library problem: 252494:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1427:
smtpd[252494]: lost connection after STARTTLS from <splunk_server> [xx.xxx.xx.xxx]
smtpd[252494]: disconnect from <splunk_server> [xx.xxx.xx.xxx], message count 0

Looks like a problem with the used ciphers.

I've checked alertaction.conf in splunk. The following standard settings are set.

sslVersions = tls1.2
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

Do you have any ideas, how to solve this or where to look further?

Thanks and many Regards

Michael

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎07-07-2020 12:30 PM

Hi

you need to check what are supported chippers and versions of your SMTP mail server.

r. Ismo

View solution in original post

Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎07-07-2020 12:30 PM

Hi

you need to check what are supported chippers and versions of your SMTP mail server.

r. Ismo

Reply
Solved! Jump to solution

deckemha
Explorer
‎07-13-2020 11:12 PM

Hello Soutamo,

thanks a lot! That helped me to find the correct solution.

I've checked the supported ciphers of our SMTP mail gateway and found out they did not match -> basically thats what the error messages says.. 🙂

After adjusting the splunk alertsaction.conf with a appropriate cipher suite sending emails via TLS is working fine now.

Many Regards

Michael

0 Karma
Reply
Get Updates on the Splunk Community!

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting

Splunk is excited to announce new releases that empower ITOps and engineering teams to stay ahead in ever ...
Top