Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Getting SSL_GET_RECORD:wrong version number error in Splunk Light 7.3.4

davoilar
New Member
‎03-09-2020 10:18 AM

Hello!

I'm using version 7.3.4 of Splunk Light, rpm install on RHEL 8, forwarder same version and I'm getting this error in the forwarder log:"while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number", what is causing that?

Splunk console recognizes the host the forwarder is located, but unable to exchange data.

Thanks,
Dave

Labels (1)
Labels
Tags (1)
0 Karma
Reply

xavierashe
Contributor
‎03-09-2020 10:34 AM

This looks like a TLS/SSL version mismatch. Try debugging the connection using

$ openssl s_client -debug -connect SPLUNK_SERVER:PORT

and then try adding flags from this set: -no_ssl2, -no_ssl3 and -no_tls1 to work out which version of SSL/TLS has to be enabled for the connection to succeed.

0 Karma
Reply

davoilar
New Member
‎03-09-2020 11:29 AM

Hello,

It is a bit disconcerting that both endpoints, server and forwarder, we installed on RHEL 8 via their respective RPM packages and I see this out of the box. Both end appear to be using TLS1.2.

Thanks,
Dave

0 Karma
Reply

xavierashe
Contributor
‎03-09-2020 11:51 AM

Agreed. Is the connection going through web proxy or load balancer that could be monkeying with the TLS handshake?

0 Karma
Reply

davoilar
New Member
‎03-09-2020 11:54 AM

Nope. these are talking directly to one another with out a load balancer, or nginx or any other proxy mechanism in the middle.

:^)

Dave

0 Karma
Reply
Get Updates on the Splunk Community!

Community Content Calendar, November Edition

Welcome to the November edition of our Community Spotlight! Each month, we dive into the Splunk Community to ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...