I finally got my certificates set up to where I am not seeing any certificate or SSL-related errors in the splunkd.log file when Splunk starts. So I went to log into my indexer and it let me get as far as changing the default password, but when I actually try to log in, I see this:
500 Internal Server Error
Return to Splunk home page
SSLHandshakeError: [Errno 1] _ssl.c:533: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
View more information about your request (request ID = 54d3cf09ed3fd1c50) in Search
Does anyone know what I'm doing wrong? My web.conf and server.conf are configured to use only TLS1.2, so I'm not sure why I'm seeing any kind of SSL3 errors. I get the same error screen in Chrome 40 and IE 11.
SPL-92435 - Forcing TLS1.2 or TLS1.1 in server.conf with SPLUNK_FIPS does not work.
Once I commented out my cipherSuite line and set my sslVersions to just 'tls' I was able to log in. Hopefully this is fixed soon. Seems counter-productive to have to enable FIPS to secure the kvstore, only to be forced to use the oldest version of TLS.
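Added example, not part of the original posts or Splunk's code: decoding the OpenSSL error string from the question shows that SSL3_READ_BYTES is only the name of the OpenSSL record-layer function (used for TLS as well as SSLv3), and that the reason code is a protocol_version alert sent by the other end of the connection. It assumes the OpenSSL 1.0.x error-code layout (8-bit library, 12-bit function, 12-bit reason); the function name decode_openssl_error is made up for this illustration.

```python
import re

# Assumption: OpenSSL 1.0.x packing, code = lib(8 bits) | func(12 bits) | reason(12 bits).
ERR_LIB_SSL = 20              # library number of libssl
SSL_AD_REASON_OFFSET = 1000   # SSL reasons >= 1000 are alerts received from the peer

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    48: "unknown_ca",
    70: "protocol_version",
    71: "insufficient_security",
    80: "internal_error",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")

# The error line quoted in the question above.
SAMPLE = ("SSLHandshakeError: [Errno 1] _ssl.c:533: error:1409442E:"
          "SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version")


def decode_openssl_error(line):
    """Split an OpenSSL error string into lib/func/reason and flag peer alerts."""
    m = ERR_RE.search(line)
    if m is None:
        raise ValueError("no OpenSSL error string found")
    code = int(m.group(1), 16)
    lib = (code >> 24) & 0xFF
    reason = code & 0xFFF
    result = {
        "lib": lib,
        "func": (code >> 12) & 0xFFF,
        "reason": reason,
        "func_name": m.group(3),          # OpenSSL C function, not the protocol in use
        "reason_text": m.group(4).strip(),
        "peer_alert": None,
    }
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
        result["peer_alert"] = (alert, TLS_ALERTS.get(alert, "unknown"))
    return result


if __name__ == "__main__":
    print(decode_openssl_error(SAMPLE))
```

A non-None peer_alert means the remote side rejected the handshake, so the protocol versions offered by the connecting side and accepted by the listening side do not overlap.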