I'm testing the Splunk App for Stream v6.1.0 with HTTP data and it seems to only support decrypting SSLv3 connections. As soon as I switch the SSLProtocol in Apache from SSLv3 to TLSv1.2, no data is captured. Chrome is throwing warnings for SSLv3 connections, so I can't leave Apache set at SSLv3.
App for Stream does support TLS 1.0, 1.1 and 1.2; however, not all ciphers are supported. In particular, only ciphers using RSA-based key exchanges (not ephemeral) are supported. For Apache, you can disable ephemeral ciphers using:
SSLCipherSuite ALL:!ADH:!EDH:!EXP:!NULL
Thanks. I had to update the line to include !ECDH.
SSLProtocol All -SSLv2
SSLCipherSuite ALL:!ADH:!EDH:!EXP:!NULL:!ECDH
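Added example, not part of the original thread or of Splunk's code: a Python check that parses a listing in the format printed by `openssl ciphers -v '<cipher string>'` and separates suites with static RSA key exchange (`Kx=RSA`), the only kind the answer says Stream can decrypt, from everything else. The function names and the sample listing are constructed for illustration.

```python
import re

# Constructed sample in the column format of `openssl ciphers -v`
# (not captured from the poster's server).
SAMPLE_LISTING = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
"""

# name, protocol, key exchange, authentication columns
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)")


def parse_listing(text):
    """Return a list of dicts for every well-formed cipher line."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blank lines and anything that is not a cipher row
            name, proto, kx, au = m.groups()
            suites.append({"name": name, "proto": proto, "kx": kx, "au": au})
    return suites


def split_by_key_exchange(text):
    """Return (static_rsa, other) lists of suite names.

    Only an exact Kx=RSA counts: the premaster secret is encrypted to the
    server's RSA key, so a sensor holding that key can recover it.
    Kx=DH / Kx=ECDH (ephemeral, forward secret), Kx=RSA(512) (export,
    temporary key) and Kx=any (TLS 1.3) all land in `other`.
    """
    static_rsa, other = [], []
    for s in parse_listing(text):
        (static_rsa if s["kx"] == "RSA" else other).append(s["name"])
    return static_rsa, other


if __name__ == "__main__":
    rsa, other = split_by_key_exchange(SAMPLE_LISTING)
    print("Static RSA key exchange:", ", ".join(rsa))
    print("Not decryptable with the RSA key alone:", ", ".join(other))
```

Feeding it the real output for a cipher string shows whether any `Kx=ECDH` suites remain, which is the case the `!ECDH` addition above addresses.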