
Errors in logs Received fatal SSL3 alert. splunkd.log

robertlynch2020
Motivator

Hi

I am getting this error over and over again, any ideas?

03-11-2020 11:16:36.630 +0100 WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:36.630 +0100 WARN  HttpListener - Socket error from 127.0.0.1:45500 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:39.415 +0100 WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:39.415 +0100 WARN  HttpListener - Socket error from 127.0.0.1:45506 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:42.158 +0100 WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:42.158 +0100 WARN  HttpListener - Socket error from 127.0.0.1:45516 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:44.866 +0100 WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:44.866 +0100 WARN  HttpListener - Socket error from 127.0.0.1:45522 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:47.663 +0100 WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:47.663 +0100 WARN  HttpListener - Socket error from 127.0.0.1:45526 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:50.440 +0100 WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:50.440 +0100 WARN  HttpListener - Socket error from 127.0.0.1:45532 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:53.164 +0100 WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:53.164 +0100 WARN  HttpListener - Socket error from 127.0.0.1:45540 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:55.882 +0100 WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:55.882 +0100 WARN  HttpListener - Socket error from 127.0.0.1:45546 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number

Thanks in advance
Robbie

0 Karma

harsmarvania57
Ultra Champion

Where are you getting this error? Indexer, Search Head, Heavy Forwarder?
Are you using HEC? If yes, then are you receiving HEC events over SSL/TLS?

0 Karma

robertlynch2020
Motivator

Hi

We are using Splunk 7.3.6 and getting it in splunkd.log.

We have universal forwarders sending us data into the main install (one install on one box).

From reading past posts I have tried to update (/splunk/etc/system/local/inputs.conf); the default is empty for SSL.

[SSL]
cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

This is my forwarder (so I tried to set my main Splunk cipherSuite to be the same, but it did not work):
[SSL]
# default cipher suites that splunk allows. Change this if you wish to increase the security
# of SSL connections, or to lower it if you having trouble connecting to splunk.
cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
allowSslRenegotiation = true
sslQuietShutdown = false
# Allow only sslv3 and above connections
sslVersions = *,-ssl2

0 Karma

harsmarvania57
Ultra Champion

Do you mean 7.2.6, because 7.3.6 is not released yet?
What happens if you remove the cipherSuite and SSL configuration from the UF and Indexer? And are you running the UF and Indexer on the same server?

0 Karma
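
An added triage example, not written by anyone in the thread: it parses splunkd.log lines in the format quoted in the question, pairs each SSLCommon alert with the HttpListener socket error logged at the same timestamp, and summarizes per peer address how often the failed handshake recurs. The function and variable names are hypothetical; the sample lines are copied from the question's log excerpt.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the first six lines of the log excerpt posted in the question.
SAMPLE = """\
03-11-2020 11:16:36.630 +0100 WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:36.630 +0100 WARN  HttpListener - Socket error from 127.0.0.1:45500 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:39.415 +0100 WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:39.415 +0100 WARN  HttpListener - Socket error from 127.0.0.1:45506 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
03-11-2020 11:16:42.158 +0100 WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello C', alert_description='protocol version'.
03-11-2020 11:16:42.158 +0100 WARN  HttpListener - Socket error from 127.0.0.1:45516 while idling: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
"""

# timestamp, level, component, message
LINE = re.compile(r"^(\d\d-\d\d-\d{4} \d\d:\d\d:\d\d\.\d{3} [+-]\d{4}) (\w+)\s+(\w+) - (.*)$")
ALERT = re.compile(r"alert_description='([^']*)'")
PEER = re.compile(r"Socket error from ([\d.]+):(\d+)")

def parse(text):
    """Yield (timestamp, component, message) for each well-formed line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%m-%d-%Y %H:%M:%S.%f %z")
            yield ts, m.group(3), m.group(4)

def summarize(text):
    """Group HttpListener socket errors by peer IP and attach the TLS alert
    that SSLCommon logged at the same timestamp."""
    alerts = {}
    peers = defaultdict(lambda: {"times": [], "ports": set(), "alerts": set()})
    for ts, component, msg in parse(text):
        if component == "SSLCommon" and (a := ALERT.search(msg)):
            alerts[ts] = a.group(1)
        elif component == "HttpListener" and (p := PEER.search(msg)):
            entry = peers[p.group(1)]
            entry["times"].append(ts)
            entry["ports"].add(int(p.group(2)))
            if ts in alerts:
                entry["alerts"].add(alerts[ts])
    report = {}
    for ip, entry in peers.items():
        times = sorted(entry["times"])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[ip] = {"count": len(times), "distinct_ports": len(entry["ports"]),
                      "alerts": sorted(entry["alerts"]),
                      "mean_gap_s": round(sum(gaps) / len(gaps), 3) if gaps else None}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the posted lines this reports a single peer, 127.0.0.1, reconnecting from a new source port roughly every 2.8 seconds with the same `protocol version` alert, so the client failing the handshake is a process on the same host as splunkd.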