After configuring splunkd to use SSL, with
/etc/system/local/server.conf
[sslConfig]
enableSplunkdSSL = true
sslVersions = <*, -sslv2 , -sslv3>
I wasn't able to get the java bridge to run with the syntax copied from the release notes or even just TLSv1 in the <> I instead had to use sslVersion*s* and the same syntax that i used in the server.conf file to get the jbridge to start up again.
/etc/apps/dbx/local/java.conf
[splunkd]
sslVersions = <*, -sslv2 , -sslv3>
#sslVersion = <SSLv3, TLSv1>
The release notes for 1.1.16
The Java Bridge Server can now use either SSL or TLS for security encryption when connecting to splunkd. Both are enabled by default. To specify one or the other, edit the following lines in dbx/local/java.conf:
[splunkd]
sslVersion = < SSLv3, TLSv1 >
This fixes the problem that arose when a user set the encryption scheme to TLS in /etc/system/local/server.conf to avoid the SSL >POODLE vulnerability. (DBX-1025)
with a snippet from the jbridge.log when using plain
Exception in thread "main" java.lang.IllegalArgumentException: <TLSv1> at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:164) at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84) at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52) at sun.security.ssl.SSLSocketImpl.setEnabledProtocols(SSLSocketImpl.java:2394) at com.splunk.rest.Splunkd$SSLSocketFactoryImpl.configure(Splunkd.java:288) at com.splunk.rest.Splunkd$SSLSocketFactoryImpl.createSocket(Splunkd.java:313) at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:409) at sun.net.NetworkClient.doConnect(NetworkClient.java:162) at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
So I guess the question is, do the release notes have the syntax wrong?
... View more