https://community.splunk.com/t5/Security/Does-Splunk-LDAP-support-STARTTLS/m-p/187254#M5527 <P>As of this writing the latest Splunk does not support STARTTLS. </P> Thu, 03 Sep 2015 00:13:14 GMT sylim_splunk 2015-09-03T00:13:14Z https://community.splunk.com/t5/Security/Does-Splunk-LDAP-support-STARTTLS/m-p/187253#M5526 <P>According to <A href="http://www.tenable.com/blog/pci-ssc-announces-the-end-of-ssl-usage-for-the-payment-card-industry">Tenable</A> we will have to disable LDAPS soon.<BR /> Is it possible to use STARTTLS on LDAP port in Splunk instead?</P> Tue, 17 Mar 2015 09:43:10 GMT https://community.splunk.com/t5/Security/Does-Splunk-LDAP-support-STARTTLS/m-p/187253#M5526 mpavlas 2015-03-17T09:43:10Z https://community.splunk.com/t5/Security/Does-Splunk-LDAP-support-STARTTLS/m-p/187254#M5527 <P>As of this writing the latest Splunk does not support STARTTLS. </P> Thu, 03 Sep 2015 00:13:14 GMT https://community.splunk.com/t5/Security/Does-Splunk-LDAP-support-STARTTLS/m-p/187254#M5527 sylim_splunk 2015-09-03T00:13:14Z https://community.splunk.com/t5/Security/Does-Splunk-LDAP-support-STARTTLS/m-p/187255#M5528 <P>LDAPS as with most things (s) such as https the s stands for secure not SSL. The LDAP server configuration determines what crypto is offered and should be updated to only permit appropriately secure TLS options. "STARTTLS" is a potentially less secure choice where the server defaults to insecure communication and requires the client to request a step up to secure. This was a useful bridge for legacy communications such as LDAP, SMTP, and FTP but is not related to the need to remove support for older now less secure encryption protocols SSL* TLS 1.0 and TLS 1.1</P> <P>Presuming your LDAP server is Microsoft Active Directory this vulnerability should be reviewed by your Active Directory admins to resolve.</P> <P>This may also be a great time to consider moving to SAML based authentication to reduce the risk of credential compromise via plain text bind.</P> Mon, 28 Oct 2019 15:54:55 GMT https://community.splunk.com/t5/Security/Does-Splunk-LDAP-support-STARTTLS/m-p/187255#M5528 rfaircloth_splu 2019-10-28T15:54:55Z https://community.splunk.com/t5/Security/Does-Splunk-LDAP-support-STARTTLS/m-p/187256#M5529 <P>This is not an answer. This is weasely language to put off the fact that we don't have a clear answer. <EM>Does Splunk support STARTTLS or not?</EM> It is a <STRONG>Yes</STRONG> or <STRONG>No</STRONG> answer.</P> <BLOCKQUOTE> <P>"STARTTLS" is a potentially less secure choice where the server defaults to insecure communication<BR /> This is avoiding the technical question and a non-answer.</P> <P>This was a useful bridge for legacy communications such as LDAP, SMTP, and FTP but is not related to the need to remove support for older now less secure encryption protocols SSL* TLS 1.0 and TLS 1.1<BR /> The question is not about the default security considerations of the users LDAP server.</P> </BLOCKQUOTE> Mon, 02 Dec 2019 17:16:59 GMT https://community.splunk.com/t5/Security/Does-Splunk-LDAP-support-STARTTLS/m-p/187256#M5529 jpl3harris 2019-12-02T17:16:59Z https://community.splunk.com/t5/Security/Does-Splunk-LDAP-support-STARTTLS/m-p/187257#M5530 <P>the original answer "no start TLS" is the correct answer. My response was to provide additional color to the reason for the question which is a vuln scanner is driving an incorrect response to "disable" ldaps. When the proper fix is simply to harden ldaps. </P> Mon, 02 Dec 2019 17:27:54 GMT https://community.splunk.com/t5/Security/Does-Splunk-LDAP-support-STARTTLS/m-p/187257#M5530 rfaircloth_splu 2019-12-02T17:27:54Z