This is actually mentioned in the (Default) server.conf since around ver. 6.6.x, in that Mongo DB aka. kvstore (not Splunk) does not support Forward-Secrecy ciphers i.e. Mongo needs to have RSA ones to work.
# The following non-forward-secrecy ciphers were added to support the kv store:
# AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256.
... View more