I was surprised to find that splunkweb does not send a preferred list of ciphers according to their order of appearance in the cipherSuite directive.
Is there a way to have splunkweb express a cipher order preference, similar to the SSLHonorCipherOrder directive in Apache?
Otherwise, I'm finding it harder than expected to convince modern browsers to support PFS ciphers while degrading gracefully for older ones.
have a look at this answer where you can read something about this topic http://answers.splunk.com/answers/134053/ciphersuite-in-various-conf-files.html
This doesn't address the question about HonorCipherOrder. PEN tools still flag the web server as being vulnerable to Secure Client-Initiated Renegotiation
I am getting the same results and posted the question here.