https://community.splunk.com/t5/Security/SSL-Versions-for-tcp-ssl-input-ignored/m-p/412283#M9854 <P>Support for earlier TLS versions than v1.2 requires adding more cipherSuites, so now I have support for all the versions ( it's actually intended for earlier than Splunk 5.x versions compatibility, but get;s me what I want anyway)</P> <P>[SSL]<BR /> rootCA = $SPLUNK_HOME/etc/auth/cacert.pem<BR /> serverCert = $SPLUNK_HOME/etc/auth/server.pem<BR /> sslVersions = tls<BR /> cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA:AES256-SHA:AES128-SHA</P> Tue, 29 Sep 2020 23:32:03 GMT tiagofbmm 2020-09-29T23:32:03Z https://community.splunk.com/t5/Security/SSL-Versions-for-tcp-ssl-input-ignored/m-p/412281#M9852 <P>I'm trying to get Splunk to accept SSLv3 for a special case of tcp-ssl input, and although specifying sslVersions = "ssl3", <EM>nmap --script ssl-enum-ciphers localhost -p 9998</EM> always returns TLSv1.2 as the only one accepted... any ideas why is my parameter ignored?</P> <PRE><CODE>Starting Nmap 7.60 at 2019-03-01 08:53 GMT Nmap scan report for localhost (127.0.0.1) Host is up (0.000049s latency). PORT STATE SERVICE 9998/tcp open distinct32 | ssl-enum-ciphers: | TLSv1.2: </CODE></PRE> Fri, 01 Mar 2019 10:14:37 GMT https://community.splunk.com/t5/Security/SSL-Versions-for-tcp-ssl-input-ignored/m-p/412281#M9852 tiagofbmm 2019-03-01T10:14:37Z https://community.splunk.com/t5/Security/SSL-Versions-for-tcp-ssl-input-ignored/m-p/412282#M9853 <P>Hi,</P> <P>Can you please try to connect with openssl command as given below</P> <PRE><CODE>/opt/splunk/bin/splunk cmd openssl s_client -connect localhost:9998 -ssl3 </CODE></PRE> <P>If it will generate error as given below then it means that it is not accepting traffic on sslv3</P> <PRE><CODE>CONNECTED(00000003) 140269635843760:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1498:SSL alert number 40 140269635843760:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659: </CODE></PRE> Fri, 01 Mar 2019 10:36:35 GMT https://community.splunk.com/t5/Security/SSL-Versions-for-tcp-ssl-input-ignored/m-p/412282#M9853 harsmarvania57 2019-03-01T10:36:35Z https://community.splunk.com/t5/Security/SSL-Versions-for-tcp-ssl-input-ignored/m-p/412283#M9854 <P>Support for earlier TLS versions than v1.2 requires adding more cipherSuites, so now I have support for all the versions ( it's actually intended for earlier than Splunk 5.x versions compatibility, but get;s me what I want anyway)</P> <P>[SSL]<BR /> rootCA = $SPLUNK_HOME/etc/auth/cacert.pem<BR /> serverCert = $SPLUNK_HOME/etc/auth/server.pem<BR /> sslVersions = tls<BR /> cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA:AES256-SHA:AES128-SHA</P> Tue, 29 Sep 2020 23:32:03 GMT https://community.splunk.com/t5/Security/SSL-Versions-for-tcp-ssl-input-ignored/m-p/412283#M9854 tiagofbmm 2020-09-29T23:32:03Z