Security

Why am I getting a handshake error trying to set cipherSuite on web.conf to allow only tls=1.2 connection in Splunk 6.2?

arber
Communicator

Hello,

I'm trying to set the cipherSuite on web.conf to allow only tls=1.2 connection

[settings]
enableSplunkWebSSL = 1
supportSSLV3Only = False
cipherSuite = TLSv1.2:!eNULL:!aNULL

After I set this, I try a restart of splunkweb, but I get this error:

502 Couldn't complete HTTP request: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I found the article on the Splunk blog:

http://blogs.splunk.com/2014/10/22/mitigating-the-poodle-attack-in-splunk/

Any idea how to solve this?

Thanks

1 Solution

dflodstrom
Builder

I assume you're trying to resolve POODLE? To enable TLS only I use this:

[settings]
sslVersions = tls
cipherSuite = AES256-SHA:AES128-SHA:DES-CBC3-SHA
enableSplunkWebSSL = 1

View solution in original post

dflodstrom
Builder

I assume you're trying to resolve POODLE? To enable TLS only I use this:

[settings]
sslVersions = tls
cipherSuite = AES256-SHA:AES128-SHA:DES-CBC3-SHA
enableSplunkWebSSL = 1

arber
Communicator

Thanks,

i added just the sslVersion and seemd to work. The vulnerability is not present anymore.

sunilmodi1
New Member

Great solution. It is working fine

0 Karma

dflodstrom
Builder

Fantastic! Thanks for the feedback.

0 Karma

masonmorales
Influencer

This helped me too. Thanks!

dflodstrom
Builder

Glad to help, make sure you up vote! 🙂

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...