Splunk encryption works in two ways. There is the server encryption that is done through the management port(default 8089) and the port specific or data inputs encryption that is more specific to ports(default 9997) being utilized to transmit data. From my understanding of the server specific settings, it relates more-so towards Master-Slave relations(i.e. configurations & apps). The ports specific encryption is transmitting any sort of data from one server to another(doesn't have to be a Splunk component).
1) Ensure both servers have the same capabilities in terms of communicating via higher Ciphers.
To see which ciphers are available to you: $SPLUNK_HOME/bin/splunk cmd openssl ciphers -v
That's it!!! The above stanza basically says, "only accept inputs of any data(or connections) from servers using tls1.2 encryption". The other thing that I want to add is that splunk works on a server-determined relationship, so basically whatever server is acting as the "server(accepting connection)", as opposed to the client(seeking connection), will determine the cipher being used during connection.
To test that this is working use this: openssl s_client -connect ipaddress or URI:port -cipher
so example---> openssl sclient -connect splunker.jts.splunk.com:9997 -tls12
By default SSL2 is already disabled on splunk, so you would need to test using ssl3, tls1.0 or tls1.1
ex... openssl s_client -connect splunker.jts.splunk.com:9997 -ssl3 openssl sclient -connect splunker.jts.splunk.com:9997 -tls1o openssl sclient -connect splunker.jts.splunk.com:9997 -tls11
I haven't tested using one cipher on one port and using another on a different port yet. Once I do, I will be sure to add here. The basic use case for this is, if you have a client that does not have a certain cipher capability but still needs to communicate to splunk. Ideally it would best if the client upgrade to the higher cipher but ehhh...