To enable HTTPS with Splunk Web:
In Splunk Web, select Settings > System > Server settings, and then click General Settings.
Under Splunk Web, for Enable SSL (HTTPS) in Splunk Web, select the Yes radio button. By default, Splunk deployments point to the default certificates when encryption is turned on, so no further action is needed.
Restart Splunk Web.
You must now prepend "https://" to the URL you use to access Splunk Web.
This appears to be triggering because of your cipher suite. What version of Splunk are you currently on?
You can run these commands to find out what ciphers are available to you:
$SPLUNK_HOME/bin/splunk cmd openssl ciphers -v $SPLUNK_HOME/bin/splunk cmd openssl ciphers -v "TLSv1.2" $SPLUNK_HOME/bin/splunk cmd openssl ciphers -v "HIGH"
You need to check what ciphers are currently allowed for the Splunk UI by running this command:
/opt/splunk/bin/splunk btool web list --debug | grep cipherSuite
Make sure there are no
NULL ciphers. If there are you can manually set the cipher list in
This is an example from Splunk 7.2:
[settings] cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
If you upgrade your Splunk I feel like this might also solve your issue.
I am currently using Splunk version 6.6.5. Do you think it will be resolve if we upgrade to v7.0.8?
I know v7.1.x have some major GUI changes that why we would want to keep it with the same interface for now. Do you think it will eliminate the vulnerability?
I think there is a good chance that will probably fix it. You could download that version of Splunk and use the btool command above to check its ciphers vs your current list.
The new Splunk UI is really great and doesn't require too much learning or re-training. I highly recommend it.
I ran the command below:
sudo -u splunk /opt/splunk/bin/splunk btool web list --debug | grep cipherSuite
And got this line below for web.conf
cipherSuite = TLSv1.2:!aNULL