Had a working system with jms_ta 1.3.6 until the OS updates to patch SSL3 took place.
Current System details:
We now upgrade from jms_ta 1.3.6 to jms_ta 1.3.8
Splunk: 5.0.3 Universal Forwarder
java version "1.7.0_75"
OpenJDK Runtime Environment (rhel-2.5.4.0.el6_6-x86_64 u75-b13)
OpenJDK 64-Bit Server VM (build 24.75-b04, mixed mode)
ISSUE:
We were not able to make jms_ta 1.3.8 work.
Tested the settign with the followign command:
python /opt/splunk/etc/apps/jms_ta/bin/jms.py --scheme
Error: Could not find or load main class com.splunk.modinput.jms.JMSModularInput
splunkd.log shows these errors:
-0500 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/bin/jms.py" Error executing modular input : Server chose TLSv1, but that protocol version is not enabled or not supported by the client. : java.lang.RuntimeException: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
-0500 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/bin/jms.py" at com.splunk.HttpService.send(HttpService.java:370)
-0500 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/bin/jms.py" at com.splunk.Service.send(Service.java:1268)
-0500 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/bin/jms.py" Caused by: javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
Request for help in resolving the issue.
Fixed the issue by:
1) Upgrading Splunk Forwarder from 5.X to 6.X.
2) Upgrading jms_ta to 1.3.8
FYI:
Splunk 5 does not support TLSv1.2.
JMS 1.3.8 uses TLSv1.2
I would like to download and test with jms_ta 1.3.7 but Splunk defaults to jms_ta 1.3.8 .