Splunk Enterprise

Sendmail sslv3 alert handshake failure

f_hartmann
New Member

After Upgrading to Splunk Light 6.6 last week I did not get any emails from my splunk server. In python.log I see the following errors:

  ERROR sendemail:443 - [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:676) while sending mail 

I am connecting to the mail server over port 587 using "Enable TLS" without username.

Any ideas whats going wrong?

0 Karma
1 Solution

mgo
Splunk Employee
Splunk Employee

Please see the notes for issue SPL-138647 which contains the steps for figuring out what SSL/TLS versions and cipher suites your e-mail server supports:

https://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/Knownissues

If security is not a concern, you can also just revert back to the previous release settings:

$SPLUNK_HOME/etc/system/local/alert_actions.conf
[email]
sslVersions = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

View solution in original post

0 Karma

mgo
Splunk Employee
Splunk Employee

Please see SPL-138647 in the release notes to determine what SSL/TLS version and cipher suites your e-mail server supports:

http://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/Knownissues

Alternatively, if security is not a concern, you can also revert to the 6.5.x configuration:

$SPLUNK_HOME/etc/system/local/alert_actions.conf
[email]
sslVersions = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

0 Karma

mgo
Splunk Employee
Splunk Employee

Please see the notes for issue SPL-138647 which contains the steps for figuring out what SSL/TLS versions and cipher suites your e-mail server supports:

https://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/Knownissues

If security is not a concern, you can also just revert back to the previous release settings:

$SPLUNK_HOME/etc/system/local/alert_actions.conf
[email]
sslVersions = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

0 Karma

andrewb_splunk
Splunk Employee
Splunk Employee

Do you have the Admin role in Splunk Light, or the User role?

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...