Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to fix CIPHER mismatch error "no common encryption algorithm(s)" trying to access HTTP Event Collector on Splunk Cloud?

rjhazelwood
Engager
‎06-06-2016 02:47 AM

Trying to send logs to Splunk Cloud via HEC errors due to cipher mismatch between server and client.

curl -k 'https://splunkserver.cloud.splunk.com:8088/services/collector/event/1.0' -H 'Authorization: Splunk XXXX -d '{"event":"Hello, World!"}'
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

Even connecting to port 8088 in browser gives ERR_SSL_VERSION_OR_CIPHER_MISMATCH, so Splunk Cloud is completely unusable right now. How to enable more encryption algorithms?

Reply

rdimri_splunk
Splunk Employee
Splunk Employee
‎09-23-2016 10:53 AM

This will not work for splunk self-service, the ECC certs that splunk uses are too strong, this is a known issue. However i would also suggest looking at the following post.
http://stackoverflow.com/questions/31107851/how-to-fix-curl-35-cannot-communicate-securely-with-peer...

Basically you specify the required cipher explicitly as an option. Now which one to specify, you figure this out by checking the ciphers on server.

Okay I was able to fix this. So basically you understand that curl does not support even one of the ciphers that server is willing to negotiate.
Note that the I was testing this on a ubuntu machine. curl that was present on my ubuntu machine was not using openssl. I think that the default curl that you get by doing sudo apt-get is not built with openssl. So I built curl following this post
http://askubuntu.com/questions/764443/how-to-compile-curl-with-ssl-support

After that I was able to make curl request.
I also have a mac and I was able to make curl request successfully from there.
I also had another colleague of mine who was not able to do so from mac.
So I think a solution would be to build curl from source specifying an SSL library to build with ( this may depend on the os that you are using).
Let me know how it goes.

0 Karma
Reply

vvelpuri
Explorer
‎09-23-2016 10:00 AM 
 curl -k https://hostname.cloud.splunk.com:8088/services/collector -H 'Authorization: Splunk 740E3ADC-3214-45DA-9F30-44F7A837BAA2' -d '{"event":"event1"} {"event":"event2"}'
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

I am also facing the same issue from splunk documents says that its working but tried a lot . I am using splunk cloud self trail. Does any one is having solution for this. Thanks

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...