I am trying to follow the document to disable the legacy ciphers in the Splunk 7.2, and I notice that the cluster master is been disconnected with the indexers and also the web interface of the Cluster master is down. Below is the error I found in the Splunkd.logs
ERROR ConfigEncryptor - Legacy encryption disabled! Will not decrypt. If you want to allow decryption for configs encrypted with legacy ciphers please set server.conf/[general]/legacyCiphers to 'decryptOnly
By disabling the legacy ciphers Splunk won't be able to read all encrypted passwords, pass4symmkey, ssh keys. Which means no more https for your splunk web, no more pass4symmkey to connect to the indexers ..