Splunk Enterprise

SSL: WRONG_VERSION_NUMBER when sending email

gbennett111
New Member

HI,

I am getting the following error when trying to send an email

command="sendemail", [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:741) while sending mail to

using the command
index=_internal | head 1 | sendemail to="my email" from="domain email" format="html" server=smtp-relay.gmail.com:587 use_ssl=1

How can I fix this error?

Thanks

Tags (1)
0 Karma

gbennett111
New Member

Thanks Skalli,

After applying the config change and adding
[email]
sslVersions = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

Got rid of that error now getting
command="sendemail", [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:741)

Running the below command returns the following

sudo ./splunk/bin/splunk cmd openssl s_client -connect smtp-relay.gmail.com:587 | awk '/Protocol/ || /Cipher/ || /Verify/'
140005157344960:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:827:
New, (NONE), Cipher is (NONE)
Protocol : TLSv1.2
Cipher : 0000
Verify return code: 0 (ok)

The server has other applications successfully sending emails via the above mail server so I am missing something in the config.

0 Karma

amandeepsingh
Explorer

Try to use default port 465 not 587

0 Karma

skalliger
SplunkTrust
SplunkTrust

Hm, this seems weird. Are you using a certificate of your own CA (or Let's Encrypt)? Can you test that certificate (validate) and check if it's in the correct format? If you can not connct wiht openssl to that server, it's the certificate.

Skalli

0 Karma

gbennett111
New Member

Hi Skalli,

It's not our certificate it's Google's certificate and as stated we have other applications installed (Jira, Confluence) that can successfully connect and send emails via the same mail server.

I am at a loss as well as I do not know why one application is working correctly and another is not. I may have to try a different mail server and see how I go.

Thanks.

0 Karma

skalliger
SplunkTrust
SplunkTrust

Hey,

take a look at the known issues. Search for SPL-138647, hope this helps.

Skalli

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...