How to fix CIPHER mismatch error "no common encryption algorithm(s)" trying to access HTTP Event Collector on Splunk Cloud?


Trying to send logs to Splunk Cloud via HEC errors due to cipher mismatch between server and client.

curl -k '' -H 'Authorization: Splunk XXXX -d '{"event":"Hello, World!"}'
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

Even connecting to port 8088 in browser gives ERR_SSL_VERSION_OR_CIPHER_MISMATCH, so Splunk Cloud is completely unusable right now. How to enable more encryption algorithms?

Splunk Employee
Splunk Employee

This will not work for splunk self-service, the ECC certs that splunk uses are too strong, this is a known issue. However i would also suggest looking at the following post.

Basically you specify the required cipher explicitly as an option. Now which one to specify, you figure this out by checking the ciphers on server.

Okay I was able to fix this. So basically you understand that curl does not support even one of the ciphers that server is willing to negotiate.
Note that the I was testing this on a ubuntu machine. curl that was present on my ubuntu machine was not using openssl. I think that the default curl that you get by doing sudo apt-get is not built with openssl. So I built curl following this post

After that I was able to make curl request.
I also have a mac and I was able to make curl request successfully from there.
I also had another colleague of mine who was not able to do so from mac.
So I think a solution would be to build curl from source specifying an SSL library to build with ( this may depend on the os that you are using).
Let me know how it goes.

0 Karma

 curl -k -H 'Authorization: Splunk 740E3ADC-3214-45DA-9F30-44F7A837BAA2' -d '{"event":"event1"} {"event":"event2"}'
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

I am also facing the same issue from splunk documents says that its working but tried a lot . I am using splunk cloud self trail. Does any one is having solution for this. Thanks

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...