Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to resolve Java Bridge server not running after upgrade to Splunk 6.6.2?

hjaramillo
New Member
‎07-31-2017 09:02 AM

jbridge.log

2017-07-31 10:54:04,757 INFO Checking for obsolete java libraries in /opt/splunk/etc/apps/dbx/bin/lib
2017-07-31 10:54:04,765 INFO Started JavaBridgeServer PID=12366
2017-07-31 10:54:05,606 ERROR Java process returned error code 1! Error: Initializing Splunk context... Environment: SplunkEnvironment{SPLUNK_HOME=/opt/splunk,SPLUNK_DB=/opt/splunk/var/lib/splunk} Configuring Log4j... Exception in thread "main" com.splunk.config.SplunkConfigurationException: IO Error while reading configuration from Splunkd: javax.net.ssl.SSLException: Received fatal alert: protocol_version  at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:199)     at com.splunk.config.rest.RESTAdapter.readConfig(RESTAdapter.java:207)  at com.splunk.config.cache.CachedConfigurationAdapter.readConfig(CachedConfigurationAdapter.java:32)    at com.splunk.config.cache.CachedConfigurationAdapter.readStanza(CachedConfigurationAdapter.java:40)    at com.splunk.env.SplunkContext.getConfigStanza(SplunkContext.java:313)     at com.splunk.env.SplunkContext.initialize(SplunkContext.java:128)  at com.splunk.bridge.JavaBridgeServer.main(JavaBridgeServer.java:34) Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version  at sun.security.ssl.Alerts.getSSLException(Unknown Source)  at sun.security.ssl.Alerts.getSSLException(Unknown Source)  at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)   at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)    at com.splunk.rest.Splunkd.request(Splunkd.java:216)    at com.splunk.rest.Splunkd.request(Splunkd.java:102)    at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:197)     ... 6 more 
2017-07-31 10:54:05,606 ERROR Command output: None

Java Version: jre1.8.0_25

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mvarga2
Explorer
‎08-03-2017 08:00 AM

For our environment, adding this to our [sslConfig] in server.conf and restarting Splunk resolved the issue:

sslVersionsForClient = tls,-tls1.0
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

View solution in original post

Reply
Solved! Jump to solution
Solution

mvarga2
Explorer
‎08-03-2017 08:00 AM

For our environment, adding this to our [sslConfig] in server.conf and restarting Splunk resolved the issue:

sslVersionsForClient = tls,-tls1.0
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

Reply
Solved! Jump to solution

hjaramillo
New Member
‎08-03-2017 11:32 AM

I did not function

Jbridge.log
2017-08-03 13:25:51,706 INFO Checking for obsolete java libraries in /opt/splunk/etc/apps/dbx/bin/lib
2017-08-03 13:25:51,714 INFO Started JavaBridgeServer PID=29547
2017-08-03 13:25:52,641 ERROR Java process returned error code 1! Error: Initializing Splunk context... Environment: SplunkEnvironment{SPLUNK_HOME=/opt/splunk,SPLUNK_DB=/opt/splunk/var/lib/splunk} Configuring Log4j... Exception in thread "main" com.splunk.config.SplunkConfigurationException: IO Error while reading configuration from Splunkd: javax.net.ssl.SSLException: Received fatal alert: protocol_version at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:199) at com.splunk.config.rest.RESTAdapter.readConfig(RESTAdapter.java:207) at com.splunk.config.cache.CachedConfigurationAdapter.readConfig(CachedConfigurationAdapter.java:32) at com.splunk.config.cache.CachedConfigurationAdapter.readStanza(CachedConfigurationAdapter.java:40) at com.splunk.env.SplunkContext.getConfigStanza(SplunkContext.java:313) at com.splunk.env.SplunkContext.initialize(SplunkContext.java:128) at com.splunk.bridge.JavaBridgeServer.main(JavaBridgeServer.java:34) Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) at com.splunk.rest.Splunkd.request(Splunkd.java:216) at com.splunk.rest.Splunkd.request(Splunkd.java:102) at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:197) ... 6 more
2017-08-03 13:25:52,641 ERROR Command output: None

sslConfig in server.conf :

sslVersionsForClient = tls, -tls1.0, tls1.2
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256-TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

0 Karma
Reply
Solved! Jump to solution

mvarga2
Explorer
‎08-04-2017 04:39 AM

Here is my entire [sslConfig] Does yours contain the two sslKeysfilePassword and sslPassword?

sslKeysfilePassword = YourPassword
sslPassword = YourPassword
sslVersionsForClient = tls,-tls1.0
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

0 Karma
Reply
Solved! Jump to solution

davebrooking
Contributor
‎08-04-2017 08:58 AM

What version of DB Connect are you trying to run?

Dave

0 Karma
Reply
Solved! Jump to solution

mvarga2
Explorer
‎08-04-2017 11:26 AM

It works fine for me after I added the two lines stated above. I am running v1.1.7

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...