Trying to send logs to Splunk Cloud via HEC errors due to cipher mismatch between server and client.
curl -k 'https://splunkserver.cloud.splunk.com:8088/services/collector/event/1.0' -H 'Authorization: Splunk XXXX -d '{"event":"Hello, World!"}'
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
Even connecting to port 8088 in browser gives ERR_SSL_VERSION_OR_CIPHER_MISMATCH, so Splunk Cloud is completely unusable right now. How to enable more encryption algorithms?
This will not work for splunk self-service, the ECC certs that splunk uses are too strong, this is a known issue. However i would also suggest looking at the following post.
http://stackoverflow.com/questions/31107851/how-to-fix-curl-35-cannot-communicate-securely-with-peer...
Basically you specify the required cipher explicitly as an option. Now which one to specify, you figure this out by checking the ciphers on server.
Okay I was able to fix this. So basically you understand that curl does not support even one of the ciphers that server is willing to negotiate.
Note that the I was testing this on a ubuntu machine. curl that was present on my ubuntu machine was not using openssl. I think that the default curl that you get by doing sudo apt-get is not built with openssl. So I built curl following this post
http://askubuntu.com/questions/764443/how-to-compile-curl-with-ssl-support
After that I was able to make curl request.
I also have a mac and I was able to make curl request successfully from there.
I also had another colleague of mine who was not able to do so from mac.
So I think a solution would be to build curl from source specifying an SSL library to build with ( this may depend on the os that you are using).
Let me know how it goes.
curl -k https://hostname.cloud.splunk.com:8088/services/collector -H 'Authorization: Splunk 740E3ADC-3214-45DA-9F30-44F7A837BAA2' -d '{"event":"event1"} {"event":"event2"}'
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
I am also facing the same issue from splunk documents says that its working but tried a lot . I am using splunk cloud self trail. Does any one is having solution for this. Thanks