I changed Splunk from using SSLv3 to TLSv1.2, and ...

bosburn_splunk · ‎01-22-2015

I changed Splunk to use TLSv1.2 and disabled SSLv3, now my java portlet using the Java SDK will no longer connect. Why?

OR

I upgraded to the Java 8u31 (which was recently released) and they disabled SSLv3. My apps no longer connect. Why?

ntbahriti_splun · ‎07-22-2015

With the Splunk SDK version 1.4.0 you don't need to modify, compile and repackage the HttpService.java in the JAR.
There are explanations and a working code example, last paragraph at:
http://answers.splunk.com/answers/209379/no-appropriate-protocol-protocol-is-disabled-or-ci.html#ans....

bosburn_splunk · ‎01-22-2015

By default, the Splunk Java SDK will use SSLv3 to connect. You will need to change this to TLS per the following instructions. This will be changed in a future release.

You will have to modify HttpService.java and change the following lines:

SSLContext context = SSLContext.getInstance("SSL");
to
SSLContext context = SSLContext.getInstance("TLSv1.2");

public static final String[] PROTOCOLS = {"SSLv3"};
to
public static final String[] PROTOCOLS = {"TLSv1.2"};

You will have to recompile the jar and redeploy it as well.

I changed Splunk from using SSLv3 to TLSv1.2, and the Splunk Java SDK will not connect..

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases

Detecting Remote Code Executions With the Splunk Threat Research Team