topic Re: Security audit finds ssl v2 in Getting Data In

Security audit finds ssl v2

ben_leung — Thu, 10 Jul 2014 20:21:17 GMT

openssl s_client -connect xx.xxx.xx.xx:9998 -ssl2

Added stanzas to indexer: 
path: etc/system/local/web.conf 
supportSSLV3Only = true 
path: etc/system/local/server.conf 
supportSSLV3Only = true

What else do I need to stop the use of SSL version 2?

Re: Security audit finds ssl v2

ben_leung — Thu, 10 Jul 2014 21:12:33 GMT

By the way, there is no handshake established when port 8089 is chosen, but I am trying to disable ssl v2 on a listening port for this indexer.

Re: Security audit finds ssl v2

jtacy — Fri, 11 Jul 2014 00:03:44 GMT

You can also use supportSSLV3Only in your inputs.conf in the [SSL] stanza. Maybe go ahead and set some more secure ciphers while you're at it, something like:

[SSL] supportSSLV3Only = true cipherSuite = HIGH

However, keep in mind that if you're allowing connections from untrusted networks, you'll probably want to use forwarder to indexer authentication to protect your forwarders from connecting to a rogue indexer. There's pretty good information about how to do this in the About securing data from forwarders section of the documentation but it could add a lot of complexity to your environment. Good luck!