Deployment Architecture

Why am I getting the following error from the Splunk deployment application and Splunk deployment server?

samernic
New Member

We are not able to connect to one of the application server. We are seeing the following error on the deployment server. We did modify an existing application, but it's not reflecting changes:

WARN HttpListener - Socket error from 10.1.202.125 while idling: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
0 Karma

maraman_splunk
Splunk Employee
Splunk Employee

that's probably du to the default cipher list being more strict with newer versions.

if so look at known issues : http://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/KnownIssues
especially this one :
Older 6.0, 6.1, 6.2, 6.3 maintenance release versions unable to connect to 6.6.x and later via management port

Workaround:
This applies to License Master/Slave, Deployment Server/Client, Cluster Master/Peers, Search Head/Peers and affects Splunk 6.6.x and the following versions:

6.0.0 to 6.0.6
6.1.0 to 6.1.4
6.2.0 to 6.2.6
6.3.0 to 6.3.1
6.3.1511.1

Upgrade your older instances to the latest maintenance releases or on your 6.6.x Splunk instances. Add the following stanza to server.conf:

[sslConfig]
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

0 Karma

samernic
New Member

We do have communications going on from other application servers. Only one application server is not sending data to Splunk. Our deployment server is 7.0 and splunk forwarder is 6.5 version. On which server do I need to apply this stanza update also can you please provide the path for it?

0 Karma

prakash007
Builder

Make sure the sslconfigs under server.conf match both Deployment server and the client...

this Splunk Answers might help you to narrow down the issue...
https://answers.splunk.com/answers/579846/ssl-error-on-non-ssl-forwarder-connection.html

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...