All Apps and Add-ons

SA-ldapsearch error SSL configuration issue: sslVersions=""['tls1.2']"" is an invalid combination

jgoddard
Path Finder

This is the only error that I get, no further information, and so far i haven't been able to run the python from the cli to see if I can get any more information. I have pinned splunkweb to TLS1.2 for quite a while, have had no other issues. My ldap authentication for splunkweb is functioning fine. I don't see this error on answers, and I am confused.

I had suspected that this was a Cert issue, but after doing a lot of checking, I believe it is an issue with the SA-ldapsearch configs.

It appears that even though server.conf understands "tls1.2" as an sslVersion= value for the sslConfig stanza, SA-ldapsearch does NOT. I changed, in $SPLUNK_HOME/etc/apps/SA-ldapsearch/local/ssl.conf to have:
[sslConfig]
sslVersions=tls

and everthing is working. I would like to request an enhancement to SA-ldapsearch such that it understands the sslVersion string of tls1.2

jamesarmitage
Path Finder

If you edit SA-ldapsearch/bin/packages/app/configuration.py you can fix the error:

Lines 291-292:

 291         elif not protocol_set.symmetric_difference(('tls1.0',)):
 292             version = ssl.PROTOCOL_TLSv1

append the following (do not include the line numbers):

 293         elif not protocol_set.symmetric_difference(('tls1.2',)):
 294             version = ssl.PROTOCOL_TLSv1

For completeness you might want to add a test for tls1.1, this doesn't apply in my case.

jamesarmitage
Path Finder

If you edit SA-ldapsearch/bin/packages/app/configuration.py you can fix the error:

Lines 291-292:

291         elif not protocol_set.symmetric_difference(('tls1.0',)):
292             version = ssl.PROTOCOL_TLSv1

append the following (do not include the line numbers):

293         elif not protocol_set.symmetric_difference(('tls1.2',)):
294             version = ssl.PROTOCOL_TLSv1

For completeness you might want to add a test for tls1.1, this doesn't apply in my case.

jgoddard
Path Finder

Thanks a lot for that tip, James. I will deploy and verify that gets rid of the error I was having.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...