Security

Why am I getting a handshake error trying to set cipherSuite on web.conf to allow only tls=1.2 connection in Splunk 6.2?

Communicator

Hello,

I'm trying to set the cipherSuite on web.conf to allow only tls=1.2 connection

[settings]
enableSplunkWebSSL = 1
supportSSLV3Only = False
cipherSuite = TLSv1.2:!eNULL:!aNULL

After I set this, I try a restart of splunkweb, but I get this error:

502 Couldn't complete HTTP request: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I found the article on the Splunk blog:

http://blogs.splunk.com/2014/10/22/mitigating-the-poodle-attack-in-splunk/

Any idea how to solve this?

Thanks

1 Solution

Builder

I assume you're trying to resolve POODLE? To enable TLS only I use this:

[settings]
sslVersions = tls
cipherSuite = AES256-SHA:AES128-SHA:DES-CBC3-SHA
enableSplunkWebSSL = 1

View solution in original post

Builder

I assume you're trying to resolve POODLE? To enable TLS only I use this:

[settings]
sslVersions = tls
cipherSuite = AES256-SHA:AES128-SHA:DES-CBC3-SHA
enableSplunkWebSSL = 1

View solution in original post

Communicator

Thanks,

i added just the sslVersion and seemd to work. The vulnerability is not present anymore.

New Member

Great solution. It is working fine

0 Karma

Builder

Fantastic! Thanks for the feedback.

0 Karma

Influencer

This helped me too. Thanks!

Builder

Glad to help, make sure you up vote! 🙂

0 Karma