Splunk Enterprise
Highlighted

Sendmail sslv3 alert handshake failure

New Member

After Upgrading to Splunk Light 6.6 last week I did not get any emails from my splunk server. In python.log I see the following errors:

  ERROR sendemail:443 - [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:676) while sending mail 

I am connecting to the mail server over port 587 using "Enable TLS" without username.

Any ideas whats going wrong?

0 Karma
Highlighted

Re: Sendmail sslv3 alert handshake failure

Splunk Employee
Splunk Employee

Do you have the Admin role in Splunk Light, or the User role?

0 Karma
Highlighted

Re: Sendmail sslv3 alert handshake failure

Splunk Employee
Splunk Employee

Please see the notes for issue SPL-138647 which contains the steps for figuring out what SSL/TLS versions and cipher suites your e-mail server supports:

https://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/Knownissues

If security is not a concern, you can also just revert back to the previous release settings:

$SPLUNKHOME/etc/system/local/alertactions.conf
[email]
sslVersions = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

View solution in original post

0 Karma
Highlighted

Re: Sendmail sslv3 alert handshake failure

Splunk Employee
Splunk Employee

Please see SPL-138647 in the release notes to determine what SSL/TLS version and cipher suites your e-mail server supports:

http://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/Knownissues

Alternatively, if security is not a concern, you can also revert to the 6.5.x configuration:

$SPLUNKHOME/etc/system/local/alertactions.conf
[email]
sslVersions = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

0 Karma