Security

Why am I getting a handshake error trying to set cipherSuite on web.conf to allow only tls=1.2 connection in Splunk 6.2?

arber
Communicator

Hello,

I'm trying to set the cipherSuite on web.conf to allow only tls=1.2 connection

[settings]
enableSplunkWebSSL = 1
supportSSLV3Only = False
cipherSuite = TLSv1.2:!eNULL:!aNULL

After I set this, I try a restart of splunkweb, but I get this error:

502 Couldn't complete HTTP request: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I found the article on the Splunk blog:

http://blogs.splunk.com/2014/10/22/mitigating-the-poodle-attack-in-splunk/

Any idea how to solve this?

Thanks

1 Solution

dflodstrom
Builder

I assume you're trying to resolve POODLE? To enable TLS only I use this:

[settings]
sslVersions = tls
cipherSuite = AES256-SHA:AES128-SHA:DES-CBC3-SHA
enableSplunkWebSSL = 1

View solution in original post

dflodstrom
Builder

I assume you're trying to resolve POODLE? To enable TLS only I use this:

[settings]
sslVersions = tls
cipherSuite = AES256-SHA:AES128-SHA:DES-CBC3-SHA
enableSplunkWebSSL = 1

arber
Communicator

Thanks,

i added just the sslVersion and seemd to work. The vulnerability is not present anymore.

sunilmodi1
New Member

Great solution. It is working fine

0 Karma

dflodstrom
Builder

Fantastic! Thanks for the feedback.

0 Karma

masonmorales
Influencer

This helped me too. Thanks!

dflodstrom
Builder

Glad to help, make sure you up vote! 🙂

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...