https://community.splunk.com/t5/Security/What-are-the-default-ciphers-used-for-supportSSLV3Only-true/m-p/125938#M14497 <P>small update, these are the firsts default ciphers used:</P> <PRE><CODE>ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA </CODE></PRE> <P>the list is much longer and can be see with:</P> <PRE><CODE>$SPLUNK_HOME/bin/splunk cmd openssl ciphers </CODE></PRE> Fri, 02 May 2014 07:07:40 GMT MuS 2014-05-02T07:07:40Z https://community.splunk.com/t5/Security/What-are-the-default-ciphers-used-for-supportSSLV3Only-true/m-p/125936#M14495 <P>If I do not specify a cipherSuite entry explicitly what is used?</P> <P>For example, is it equivalent to 'SSLv3:!aNULL:!eNULL'?</P> Wed, 09 Apr 2014 16:03:03 GMT https://community.splunk.com/t5/Security/What-are-the-default-ciphers-used-for-supportSSLV3Only-true/m-p/125936#M14495 ashrafmr 2014-04-09T16:03:03Z https://community.splunk.com/t5/Security/What-are-the-default-ciphers-used-for-supportSSLV3Only-true/m-p/125937#M14496 <P>Hi ashrafmr,</P> <P>I did some testing with <CODE>supportSSLV3Only = true</CODE> and you need to have at least one cipherSuite set in <A href="http://docs.splunk.com/Documentation/Splunk/6.0.2/Admin/Webconf">web.conf</A>. If you remove it <CODE>splunkweb</CODE> will not start returning this error:</P> <PRE><CODE>2014-04-10 10:16:39,534 ERROR [5346535fe020bd8d0] root:555 - 'cipherSuite' Traceback (most recent call last): File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py", line 550, in &lt;module&gt; run(blocking=True) File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py", line 250, in run ssl_ciphers = str(global_cfg['cipherSuite']) KeyError: 'cipherSuite' </CODE></PRE> <P>In your default <CODE>web.conf</CODE> there is a cipherSuite entry like this:</P> <PRE><CODE># For the HTTP server, Diable ciphers lower than 128-bit and disallow ciphers that # don't provide authentication and/or encryption. # Use 'openssl ciphers -v' to generate a list of supported ciphers cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM </CODE></PRE> <P>You can check for any overlapping <CODE>.conf</CODE> settings (I did not have any) with <EM>btool</EM> like this:</P> <PRE><CODE>/opt/splunk/bin/splunk cmd btool --debug web list | grep cipher </CODE></PRE> <P>If you now open up Splunk in your browser, you will see something like this:<BR /></P> <PRE><CODE>Connection Encrypted: High-grade Encryption (TLS_RSA_WITH_AES_128_CBC_SHA, 128 bit keys) </CODE></PRE> <P>The message may differ based on your browser (I used Firefox). Based on that the default cipher would be:</P> <PRE><CODE>AES_128_CBC </CODE></PRE> <P>On the other hand chrome will display something like this:</P> <PRE><CODE>TLS 1.0 AES_256_CBC SHA1 RSA </CODE></PRE> <P>since I did not set any specific cipher in <CODE>web.conf</CODE>, it just disables the weak ciphers.</P> <P>hope this helps ...</P> <P>cheers, MuS</P> Thu, 10 Apr 2014 08:49:02 GMT https://community.splunk.com/t5/Security/What-are-the-default-ciphers-used-for-supportSSLV3Only-true/m-p/125937#M14496 MuS 2014-04-10T08:49:02Z https://community.splunk.com/t5/Security/What-are-the-default-ciphers-used-for-supportSSLV3Only-true/m-p/125938#M14497 <P>small update, these are the firsts default ciphers used:</P> <PRE><CODE>ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA </CODE></PRE> <P>the list is much longer and can be see with:</P> <PRE><CODE>$SPLUNK_HOME/bin/splunk cmd openssl ciphers </CODE></PRE> Fri, 02 May 2014 07:07:40 GMT https://community.splunk.com/t5/Security/What-are-the-default-ciphers-used-for-supportSSLV3Only-true/m-p/125938#M14497 MuS 2014-05-02T07:07:40Z https://community.splunk.com/t5/Security/What-are-the-default-ciphers-used-for-supportSSLV3Only-true/m-p/125939#M14498 <P>Hi,</P> <P>just an update to make sure current options are set: v7.3+</P> <P><A href="https://docs.splunk.com/Documentation/Splunk/latest/Security/Ciphersuites">https://docs.splunk.com/Documentation/Splunk/latest/Security/Ciphersuites</A></P> <P>HTH,</P> <P>Holger</P> Mon, 29 Jul 2019 13:09:41 GMT https://community.splunk.com/t5/Security/What-are-the-default-ciphers-used-for-supportSSLV3Only-true/m-p/125939#M14498 hsesterhenn_spl 2019-07-29T13:09:41Z