Mason Morales

Upgrading to Splunk 7? Read this first...

12/8/2017

I recently upgraded a Splunk cluster from v6.5.2 to v7.0.1. There was one thing that wasn't covered in the release notes. After upgrading my first host (master node), I couldn't execute CLI commands. Splunk threw the following error:

$ splunk enable maintenance-mode
Couldn't complete HTTP request: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Splunk Support admitted that they have some SSL bugs in the new release, and that this was one of them. To work around this, you can make the following edits in server.conf:

[sslConfig]
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

Once this is done, restart Splunk and try the CLI again. You should be back in business.

I had to update server.conf on most of my Splunk server hosts (master node, search heads, deployers, deployment server, license master, etc.), but for some reason not on my indexers. I'm not sure why, as both my indexers and search heads run the same OS and had the same OpenSSL package installed. Hopefully this helps anyone out there with a similar issue.
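
To see which protocol versions the workaround stanza actually enables, and whether a host's server-side and client-side settings overlap at all, here is a small audit script. It is an added example, not code from the original post or from Splunk: the version tokens follow the server.conf spec, the function names are hypothetical, and treating "-" tokens as removals regardless of position is an assumption.

```python
import configparser

# Version tokens from Splunk's server.conf spec; "ssl2" is accepted but always disabled.
ALL_VERSIONS = ("ssl3", "tls1.0", "tls1.1", "tls1.2")
LEGACY = {"ssl3", "tls1.0", "tls1.1"}
GROUPS = {"*": set(ALL_VERSIONS), "tls": set(ALL_VERSIONS[1:]), "ssl2": set()}
GROUPS.update({v: {v} for v in ALL_VERSIONS})

def expand_ssl_versions(expr):
    """Return the set of protocol versions an sslVersions expression enables."""
    added, removed = set(), set()
    for token in (t.strip().lower() for t in expr.split(",")):
        if not token:
            continue
        name = token.lstrip("-")
        if name not in GROUPS:
            raise ValueError(f"unknown version token: {token!r}")
        # Assumption: a "-" token removes the version wherever it sits in the list.
        (removed if token.startswith("-") else added).update(GROUPS[name])
    return added - removed

def audit_ssl_config(conf_text):
    """Summarise [sslConfig]: versions both sides share, and legacy protocols enabled."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(conf_text)
    ssl = cp["sslConfig"]
    # Absent keys are treated as empty here; Splunk's real defaults vary by release.
    server = expand_ssl_versions(ssl.get("sslVersions", ""))
    client = expand_ssl_versions(ssl.get("sslVersionsForClient", ""))
    return {"common": sorted(server & client),
            "legacy_server": sorted(server & LEGACY),
            "legacy_client": sorted(client & LEGACY)}

# The workaround stanza from the post.
WORKAROUND = """[sslConfig]
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH
"""
# Constructed sample: the server and client sides share no protocol version.
MISMATCH = """[sslConfig]
sslVersions = tls1.2
sslVersionsForClient = ssl3,tls1.0
"""

if __name__ == "__main__":
    for label, text in (("workaround", WORKAROUND), ("mismatch", MISMATCH)):
        print(label, audit_ssl_config(text))
```

An empty `common` list means an instance using the client-side setting cannot negotiate a protocol version with one using the server-side setting. For the workaround stanza the `legacy_*` lists are non-empty, because `*` also turns on SSLv3, TLS 1.0 and TLS 1.1.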
    Author

    Mason Morales
    Splunk Architect
    SplunkTrust 2015-2019