On 04/29/2019 11:14 PM, Mohit verma02 wrote:
> SSPR was successfully sending events to Sentinel when I configured with
> port 1468(TCP).

Just so we're clear here, TCP 1468 is a cleartext port by default, so data
on the wire are not encrypted at all. This is important in about one second.

> However moment I changed to 1443,it has stopped and seeing below error
> in logs.

I have not setup SSPR to audit to Sentinel with TLS/SSL; is there an
option within SSPR to not only change the port (1468 to 1443) but also to
change SSPR to negotiate the TLS/SSL side? The latter change is not
implied by the former, so unless you did something (e.g. checked a
checkbox indicating TLS/SSL should be used on the client/SSPR side) the
data will still be cleartext/plaintext, as the error message states.

> Please note that I want to use Client Authentication as "Open" and
> Server Key pairs as Internal (default).So confused why it is showing

These are, as I recall, settings on the Sentinel connector side, and
that's fine probably.

> below error as the Open configuration means no certificate validation
> required at all.
> Anyone can help in this?
> "Tue Apr 30 14:48:54 AEST
> 2019|SEVERE|SyslogSSLReader-144445|esecurity.ccs.comp.evtsrcmgt.connector.sysl ogserver.DeviceSensorTCPListener$DeviceReader.runS ensor
> DeviceSensor error
> javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
> connection?

The text here seems to indicate you have not told the client (SSPR) to use
TLS/SSL, so it is still trying to make a connection without that, which of
course will not work.

Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.