https://community.splunk.com/t5/Security/Most-Secure-Cipher-Collection-to-Use-with-Splunk/m-p/155001#M4670 <P>What would be the most "secure" cipher suite to use with Splunk. By most secure I mean, implements Perfect forward secrecy (DHS or ECDHE), a hashing algorithm that has not been cracked (SHA256+). Another consideration to take in mind is one that works with most browsers (so compatibility would be a factor).</P> <P>Splunk 6.03 Ships with <STRONG>openssl 1.01g</STRONG> which comes with the following cipher suite (seems like a decent list to me):</P> <PRE><CODE>$ openssl ciphers -v 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256: DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256: ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384: ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256: DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA: DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA: AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK' |column -t </CODE></PRE> <P>Has anyone speficied a set/collection of ciphers they allow using web.conf:</P> <PRE><CODE>[settings] cipherSuite = TLSv1 </CODE></PRE> <P>Advice, suggestions, context is welcomed. </P> Wed, 07 May 2014 03:48:45 GMT jhernandez_splu 2014-05-07T03:48:45Z https://community.splunk.com/t5/Security/Most-Secure-Cipher-Collection-to-Use-with-Splunk/m-p/155001#M4670 <P>What would be the most "secure" cipher suite to use with Splunk. By most secure I mean, implements Perfect forward secrecy (DHS or ECDHE), a hashing algorithm that has not been cracked (SHA256+). Another consideration to take in mind is one that works with most browsers (so compatibility would be a factor).</P> <P>Splunk 6.03 Ships with <STRONG>openssl 1.01g</STRONG> which comes with the following cipher suite (seems like a decent list to me):</P> <PRE><CODE>$ openssl ciphers -v 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256: DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256: ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384: ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256: DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA: DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA: AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK' |column -t </CODE></PRE> <P>Has anyone speficied a set/collection of ciphers they allow using web.conf:</P> <PRE><CODE>[settings] cipherSuite = TLSv1 </CODE></PRE> <P>Advice, suggestions, context is welcomed. </P> Wed, 07 May 2014 03:48:45 GMT https://community.splunk.com/t5/Security/Most-Secure-Cipher-Collection-to-Use-with-Splunk/m-p/155001#M4670 jhernandez_splu 2014-05-07T03:48:45Z https://community.splunk.com/t5/Security/Most-Secure-Cipher-Collection-to-Use-with-Splunk/m-p/155002#M4671 <P>Hi jhernandez_splunk,</P> <P>if your concern is about compatibility with most of the browsers, stick with the default settings <CODE>cipherSuite = HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK</CODE>. <BR /> But if you could say 'hey, we will only support the browsers listed <A href="http://docs.splunk.com/Documentation/Splunk/6.1/Installation/Systemrequirements#Supported_browsers">here</A>' then you could switch to TLSv1.1 or even TLSv1.2. To get a list of the support TLSV1.2 ciphers you can use this command:</P> <PRE><CODE> ./bin/splunk cmd openssl ciphers -v "TLSv1.2" </CODE></PRE> <P>You can find some information and comparison charts over in the <A href="http://en.wikipedia.org/wiki/Transport_Layer_Security">TLS wiki</A> as well.</P> <P>Last but not least, it all depends on your use case and feasibility </P> <P>hope this helps ...</P> <P>cheers, MuS</P> Wed, 07 May 2014 06:17:08 GMT https://community.splunk.com/t5/Security/Most-Secure-Cipher-Collection-to-Use-with-Splunk/m-p/155002#M4671 MuS 2014-05-07T06:17:08Z https://community.splunk.com/t5/Security/Most-Secure-Cipher-Collection-to-Use-with-Splunk/m-p/155003#M4672 <P>Thank you so much that really does help.</P> Wed, 07 May 2014 06:26:53 GMT https://community.splunk.com/t5/Security/Most-Secure-Cipher-Collection-to-Use-with-Splunk/m-p/155003#M4672 jhernandez_splu 2014-05-07T06:26:53Z https://community.splunk.com/t5/Security/Most-Secure-Cipher-Collection-to-Use-with-Splunk/m-p/155004#M4673 <P>By the way made a <A href="http://blogs.splunk.com/2014/06/03/generate-elliptical-curve-certkeys-for-splunk/">post</A> about EC certs which might help with this. Thank you again MuS.</P> Fri, 06 Jun 2014 21:04:08 GMT https://community.splunk.com/t5/Security/Most-Secure-Cipher-Collection-to-Use-with-Splunk/m-p/155004#M4673 jhernandez_splu 2014-06-06T21:04:08Z