I did some testing with
supportSSLV3Only = true and you need to have at least one cipherSuite set in web.conf. If you remove it
splunkweb will not start returning this error:
2014-04-10 10:16:39,534 ERROR [5346535fe020bd8d0] root:555 - 'cipherSuite' Traceback (most recent call last): File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py", line 550, in <module> run(blocking=True) File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py", line 250, in run ssl_ciphers = str(global_cfg['cipherSuite']) KeyError: 'cipherSuite'
In your default
web.conf there is a cipherSuite entry like this:
# For the HTTP server, Diable ciphers lower than 128-bit and disallow ciphers that # don't provide authentication and/or encryption. # Use 'openssl ciphers -v' to generate a list of supported ciphers cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
You can check for any overlapping
.conf settings (I did not have any) with btool like this:
/opt/splunk/bin/splunk cmd btool --debug web list | grep cipher
If you now open up Splunk in your browser, you will see something like this:
Connection Encrypted: High-grade Encryption (TLS_RSA_WITH_AES_128_CBC_SHA, 128 bit keys)
The message may differ based on your browser (I used Firefox). Based on that the default cipher would be:
On the other hand chrome will display something like this:
TLS 1.0 AES_256_CBC SHA1 RSA
since I did not set any specific cipher in
web.conf, it just disables the weak ciphers.
hope this helps ...
small update, these are the firsts default ciphers used:
the list is much longer and can be see with:
$SPLUNK_HOME/bin/splunk cmd openssl ciphers