Security

Why am I getting a handshake error trying to set cipherSuite on web.conf to allow only tls=1.2 connection in Splunk 6.2?

Communicator

Hello,

I'm trying to set the cipherSuite on web.conf to allow only tls=1.2 connection

[settings]
enableSplunkWebSSL = 1
supportSSLV3Only = False
cipherSuite = TLSv1.2:!eNULL:!aNULL

After I set this, I try a restart of splunkweb, but I get this error:

502 Couldn't complete HTTP request: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I found the article on the Splunk blog:

http://blogs.splunk.com/2014/10/22/mitigating-the-poodle-attack-in-splunk/

Any idea how to solve this?

Thanks

1 Solution

Builder

I assume you're trying to resolve POODLE? To enable TLS only I use this:

[settings]
sslVersions = tls
cipherSuite = AES256-SHA:AES128-SHA:DES-CBC3-SHA
enableSplunkWebSSL = 1

View solution in original post

Builder

I assume you're trying to resolve POODLE? To enable TLS only I use this:

[settings]
sslVersions = tls
cipherSuite = AES256-SHA:AES128-SHA:DES-CBC3-SHA
enableSplunkWebSSL = 1

View solution in original post

Communicator

Thanks,

i added just the sslVersion and seemd to work. The vulnerability is not present anymore.

New Member

Great solution. It is working fine

0 Karma

Builder

Fantastic! Thanks for the feedback.

0 Karma

Influencer

This helped me too. Thanks!

Builder

Glad to help, make sure you up vote! 🙂

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!