When I try to access the Splunk web interface over HTTPS I get the error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
When I check the logs I don't see anything that would point to a problem. Everything seems to start up just fine. I'm using just about as bare bones a config on Splunk as possible.
Here are the main points I got for my problem:
1) I get the error in IE 11 and Google Chrome. Affected sites are some of Google (maps, youtube, & calendar) and Bing.com. Haven't really tried many other SSL/TLS sites. Some work fine though.
2) Everything was working properly until I "refreshed" my operating system.
An additional note is that a second user, on this same computer, has no problems with secured sites.
And then I followed these steps and the problem was gone.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH – Solutions Encyclopedia
The Chrome browser is the most helpful, giving ERR_SSL_VERSION_OR_CIPHER_MISMATCH as the reason for the web page not being available. The fuller details are:
"A secure connection cannot be established because this site uses an unsupported protocol"
which only confirms my investigation. However, this implies that the problem on this computer is between the browser and the wifi connection.
The network adapter is "Killer Wireless-N 1202 Network Adapter" (Qualcomm Atheros Communications Inc) being used with 802.11b WiFi.
In the application tools/event viewer/windows logs/system the error is reported as "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40." This ties in with my investigation that this computer only uses TLS 1.0 and the serif system only supports TLS1.1 and 1.2.
So, the problem is not resolved. The only browser TLS setting I can find is in IE tools advanced where TLS1.1 and 1.2 are enabled. Would this be held in the Registry somewhere and would this entry determine which TLS protocols were actually enabled?
ERR_SSL_VERSION_OR_CIPHER_MISMATCH – Explained With Solutions
We were securing the web front end crypto ciphers and secure protocols recently and came across this same issue; in effect, we removed too many ciphers from the configuration and it would not start or bind the mod_ssl properly.
We went back to default settings, then changed a smaller number of ciphers and protocols, and we are now set to 128-bit AES / RSA encryption, which will keep us secure and happy for the time being.
Our revised config for /opt/splunk/etc/system/local/web.conf:
[settings]
startwebserver = 1
enableSplunkWebSSL = true
allowSslCompression = false
splunkdConnectionTimeout = 120
sslVersions = tls1.2
cipherSuite = TLSv1.2+HIGH:@STRENGTH
P.S. This removes the less secure SSLv2 and SSLv3 protocols, and enforces the more secure TLSv1.2 protocol.
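An added example, not from the original posts and not Splunk's own tooling: a pre-flight check for the two failure modes in this thread, a cipherSuite string trimmed so far that it matches no cipher, and a server restricted to tls1.2 facing a client that only speaks TLS 1.0. The function names are hypothetical, the sslVersions tokens (ssl3, tls1.0, tls1.1, tls1.2, *, tls, and the - prefix) follow Splunk's web.conf syntax, and the cipher string is expanded by Python's linked OpenSSL, which may differ from the OpenSSL build bundled with Splunk.

```python
import configparser
import ssl

# Constructed inputs: the revised stanza from the post and an over-trimmed variant.
REVISED = """[settings]
enableSplunkWebSSL = true
sslVersions = tls1.2
cipherSuite = TLSv1.2+HIGH:@STRENGTH
"""
OVER_TRIMMED = REVISED.replace("TLSv1.2+HIGH:@STRENGTH", "NO-SUCH-CIPHER")
ALL_VERSIONS = ["ssl3", "tls1.0", "tls1.1", "tls1.2"]

def expand_versions(value):
    """Expand an sslVersions list ('*', 'tls' and '-' prefixes) into a set."""
    enabled = set()
    for tok in (t.strip().lower() for t in value.split(",")):
        if tok == "*":
            enabled |= set(ALL_VERSIONS)
        elif tok == "tls":
            enabled |= set(ALL_VERSIONS[1:])
        elif tok.startswith("-"):
            enabled.discard(tok[1:])
        elif tok:
            enabled.add(tok)
    return enabled

def resolve_ciphers(cipher_string):
    """Expand an OpenSSL cipher string locally (TLS 1.3 suites excluded); [] if none."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:  # OpenSSL: "No cipher can be selected."
        return []
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def audit_web_conf(text, client_versions=("tls1.0",)):
    """Return findings for the [settings] stanza of a web.conf."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the camelCase key names
    cp.read_string(text)
    s, findings = cp["settings"], []
    enabled = expand_versions(s.get("sslVersions", ""))
    if enabled & {"ssl3", "tls1.0", "tls1.1"}:
        findings.append("legacy protocol versions enabled")
    if enabled and not enabled & set(client_versions):
        findings.append("no protocol version shared with client")
    if "cipherSuite" in s and not resolve_ciphers(s["cipherSuite"]):
        findings.append("cipherSuite matches no cipher")
    return findings
```

With the default client_versions of ("tls1.0",), the revised stanza yields the "no protocol version shared with client" finding, which corresponds to the fatal alert 40 reported in the Windows event log above.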