Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to fix CIPHER mismatch error "no common encryption algorithm(s)" trying to access HTTP Event Collector on Splunk Cloud?

rjhazelwood
Engager
‎06-06-2016 02:47 AM

Trying to send logs to Splunk Cloud via HEC errors due to cipher mismatch between server and client.

curl -k 'https://splunkserver.cloud.splunk.com:8088/services/collector/event/1.0' -H 'Authorization: Splunk XXXX -d '{"event":"Hello, World!"}'
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

Even connecting to port 8088 in browser gives ERR_SSL_VERSION_OR_CIPHER_MISMATCH, so Splunk Cloud is completely unusable right now. How to enable more encryption algorithms?

Reply

rdimri_splunk
Splunk Employee
Splunk Employee
‎09-23-2016 10:53 AM

This will not work for splunk self-service, the ECC certs that splunk uses are too strong, this is a known issue. However i would also suggest looking at the following post.
http://stackoverflow.com/questions/31107851/how-to-fix-curl-35-cannot-communicate-securely-with-peer...

Basically you specify the required cipher explicitly as an option. Now which one to specify, you figure this out by checking the ciphers on server.

Okay I was able to fix this. So basically you understand that curl does not support even one of the ciphers that server is willing to negotiate.
Note that the I was testing this on a ubuntu machine. curl that was present on my ubuntu machine was not using openssl. I think that the default curl that you get by doing sudo apt-get is not built with openssl. So I built curl following this post
http://askubuntu.com/questions/764443/how-to-compile-curl-with-ssl-support

After that I was able to make curl request.
I also have a mac and I was able to make curl request successfully from there.
I also had another colleague of mine who was not able to do so from mac.
So I think a solution would be to build curl from source specifying an SSL library to build with ( this may depend on the os that you are using).
Let me know how it goes.

0 Karma
Reply

vvelpuri
Explorer
‎09-23-2016 10:00 AM 
 curl -k https://hostname.cloud.splunk.com:8088/services/collector -H 'Authorization: Splunk 740E3ADC-3214-45DA-9F30-44F7A837BAA2' -d '{"event":"event1"} {"event":"event2"}'
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

I am also facing the same issue from splunk documents says that its working but tried a lot . I am using splunk cloud self trail. Does any one is having solution for this. Thanks

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...