Hi ashrafmr,
I did some testing with supportSSLV3Only = true and you need to have at least one cipherSuite set in web.conf. If you remove it splunkweb will not start returning this error:
2014-04-10 10:16:39,534 ERROR [5346535fe020bd8d0] root:555 - 'cipherSuite'
Traceback (most recent call last):
File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py", line 550, in <module>
run(blocking=True)
File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py", line 250, in run
ssl_ciphers = str(global_cfg['cipherSuite'])
KeyError: 'cipherSuite'
In your default web.conf there is a cipherSuite entry like this:
# For the HTTP server, Diable ciphers lower than 128-bit and disallow ciphers that
# don't provide authentication and/or encryption.
# Use 'openssl ciphers -v' to generate a list of supported ciphers
cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
You can check for any overlapping .conf settings (I did not have any) with btool like this:
/opt/splunk/bin/splunk cmd btool --debug web list | grep cipher
If you now open up Splunk in your browser, you will see something like this:
Connection Encrypted: High-grade Encryption (TLS_RSA_WITH_AES_128_CBC_SHA, 128 bit keys)
The message may differ based on your browser (I used Firefox). Based on that the default cipher would be:
AES_128_CBC
On the other hand chrome will display something like this:
TLS 1.0 AES_256_CBC SHA1 RSA
since I did not set any specific cipher in web.conf , it just disables the weak ciphers.
hope this helps ...
cheers, MuS
... View more