
How to fix CIPHER mismatch error "no common encryption algorithm(s)" trying to access HTTP Event Collector on Splunk Cloud?

Engager

Trying to send logs to Splunk Cloud via HEC errors out due to a cipher mismatch between server and client.

curl -k 'https://splunkserver.cloud.splunk.com:8088/services/collector/event/1.0' -H 'Authorization: Splunk XXXX' -d '{"event":"Hello, World!"}'
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

Even connecting to port 8088 in a browser gives ERR_SSL_VERSION_OR_CIPHER_MISMATCH, so Splunk Cloud is completely unusable right now. How can I enable more encryption algorithms?

Splunk Employee

This will not work for Splunk self-service; the ECC certs that Splunk uses are too strong. This is a known issue. However, I would also suggest looking at the following post.
http://stackoverflow.com/questions/31107851/how-to-fix-curl-35-cannot-communicate-securely-with-peer...

Basically, you specify the required cipher explicitly as an option. Which one to specify, you figure out by checking the ciphers on the server.

Okay, I was able to fix this. So basically you understand that curl does not support even one of the ciphers that the server is willing to negotiate.
Note that I was testing this on an Ubuntu machine. The curl that was present on my Ubuntu machine was not using OpenSSL. I think that the default curl that you get by doing sudo apt-get is not built with OpenSSL. So I built curl following this post:
http://askubuntu.com/questions/764443/how-to-compile-curl-with-ssl-support

After that I was able to make the curl request.
I also have a Mac, and I was able to make the curl request successfully from there.
I also had another colleague of mine who was not able to do so from a Mac.
So I think a solution would be to build curl from source, specifying an SSL library to build with (this may depend on the OS that you are using).
Let me know how it goes.

0 Karma
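
Added example (not part of the thread, and not Splunk's or curl's own code): a shell diagnostic for the steps the answer above describes, identifying which TLS library curl is built with and checking whether the client's cipher suites overlap the server's. The `curl -V` lines and cipher lists are constructed samples written with OpenSSL-style names, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; every sample value below is constructed, not captured from Splunk Cloud.

# tls_backend LINE: print the TLS library token from the first line of `curl -V`,
# e.g. "NSS/3.44" or "OpenSSL/1.0.2g"; prints "unknown" if no known library is named.
tls_backend() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        grep -E -m1 '^(OpenSSL|LibreSSL|BoringSSL|NSS|GnuTLS|wolfSSL|mbedTLS|SecureTransport|Schannel)(/|$)' ||
        echo unknown
}

# common_ciphers SERVER CLIENT: print the suites present in both lists, in the
# server's order. Lists are colon- or newline-separated suite names.
common_ciphers() {
    client_suites=$(printf '%s\n' "$2" | tr ':' '\n')
    printf '%s\n' "$1" | tr ':' '\n' | grep -Fx -e "$client_suites" || true
}

# diagnose CURL_V_LINE SERVER CLIENT: one-line verdict for the curl (35) error.
diagnose() {
    backend=$(tls_backend "$1")
    shared=$(common_ciphers "$2" "$3" | head -n 1)
    if [ -z "$shared" ]; then
        echo "no overlap: curl built with $backend offers none of the server's suites"
    else
        echo "overlap: retry with curl --ciphers $shared"
    fi
}

# Constructed inputs: a server that only has an ECC certificate, and two clients.
SERVER='ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256'
OLD_CURL='curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.44 zlib/1.2.7'
OLD_SUITES='ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:AES128-SHA'
NEW_CURL='curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 OpenSSL/1.0.2g zlib/1.2.8'
NEW_SUITES='ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-SHA'

diagnose "$OLD_CURL" "$SERVER" "$OLD_SUITES"
diagnose "$NEW_CURL" "$SERVER" "$NEW_SUITES"
```

The suite names that `curl --ciphers` accepts depend on the TLS library curl was built with, so translate the shared suite into that library's naming before passing it. The `-k` flag only skips certificate verification and has no effect on cipher negotiation.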

Explorer
 curl -k https://hostname.cloud.splunk.com:8088/services/collector -H 'Authorization: Splunk 740E3ADC-3214-45DA-9F30-44F7A837BAA2' -d '{"event":"event1"} {"event":"event2"}'
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

I am also facing the same issue. The Splunk documentation says that it works, but I have tried a lot. I am using the Splunk Cloud self trial. Does anyone have a solution for this? Thanks

0 Karma