Solved: Why am I getting a handshake error trying to set c...

arber · ‎02-23-2015

Hello,

I'm trying to set the cipherSuite on web.conf to allow only tls=1.2 connection

[settings]
enableSplunkWebSSL = 1
supportSSLV3Only = False
cipherSuite = TLSv1.2:!eNULL:!aNULL

After I set this, I try a restart of splunkweb, but I get this error:

502 Couldn't complete HTTP request: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I found the article on the Splunk blog:

Any idea how to solve this?

Thanks

dflodstrom · ‎02-24-2015

I assume you're trying to resolve POODLE? To enable TLS only I use this:

[settings]
sslVersions = tls
cipherSuite = AES256-SHA:AES128-SHA:DES-CBC3-SHA
enableSplunkWebSSL = 1

dflodstrom · ‎02-24-2015

I assume you're trying to resolve POODLE? To enable TLS only I use this:

[settings]
sslVersions = tls
cipherSuite = AES256-SHA:AES128-SHA:DES-CBC3-SHA
enableSplunkWebSSL = 1

arber · ‎02-26-2015

Thanks,

i added just the sslVersion and seemd to work. The vulnerability is not present anymore.

sunilmodi1 · ‎11-29-2017

Great solution. It is working fine

dflodstrom · ‎02-26-2015

Fantastic! Thanks for the feedback.

masonmorales · ‎08-26-2015

This helped me too. Thanks!

dflodstrom · ‎08-26-2015

Glad to help, make sure you up vote! 🙂

Why am I getting a handshake error trying to set cipherSuite on web.conf to allow only tls=1.2 connection in Splunk 6.2?