Splunk Enterprise

Sendmail sslv3 alert handshake failure

f_hartmann
New Member

After Upgrading to Splunk Light 6.6 last week I did not get any emails from my splunk server. In python.log I see the following errors:

  ERROR sendemail:443 - [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:676) while sending mail 

I am connecting to the mail server over port 587 using "Enable TLS" without username.

Any ideas whats going wrong?

0 Karma
1 Solution

mgo
Splunk Employee
Splunk Employee

Please see the notes for issue SPL-138647 which contains the steps for figuring out what SSL/TLS versions and cipher suites your e-mail server supports:

https://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/Knownissues

If security is not a concern, you can also just revert back to the previous release settings:

$SPLUNK_HOME/etc/system/local/alert_actions.conf
[email]
sslVersions = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

View solution in original post

0 Karma

mgo
Splunk Employee
Splunk Employee

Please see SPL-138647 in the release notes to determine what SSL/TLS version and cipher suites your e-mail server supports:

http://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/Knownissues

Alternatively, if security is not a concern, you can also revert to the 6.5.x configuration:

$SPLUNK_HOME/etc/system/local/alert_actions.conf
[email]
sslVersions = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

0 Karma

mgo
Splunk Employee
Splunk Employee

Please see the notes for issue SPL-138647 which contains the steps for figuring out what SSL/TLS versions and cipher suites your e-mail server supports:

https://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/Knownissues

If security is not a concern, you can also just revert back to the previous release settings:

$SPLUNK_HOME/etc/system/local/alert_actions.conf
[email]
sslVersions = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

0 Karma

andrewb_splunk
Splunk Employee
Splunk Employee

Do you have the Admin role in Splunk Light, or the User role?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...