https://community.splunk.com/t5/Getting-Data-In/Running-a-vulnerability-scan-on-my-CentOS-6-Splunk-forwarder-why/m-p/208790#M41129 <P>This fixed it, thanks.</P> <P>As an aside I realised a quicker way of testing it is to use the openssl connect</P> <PRE><CODE> openssl s_client -connect localhost:8089 -ssl2 </CODE></PRE> Thu, 10 Sep 2015 14:02:12 GMT terryjohn 2015-09-10T14:02:12Z https://community.splunk.com/t5/Getting-Data-In/Running-a-vulnerability-scan-on-my-CentOS-6-Splunk-forwarder-why/m-p/208788#M41127 <P>I am running a Centos 6 machine with splunkforwarder-6.2.5 installed. When running a vulnerability scan using OpenVAS, it tells me that usage of SSLv2 and SSLv3 can be detected. The messages are </P> <PRE><CODE>Deprecated SSLv2 and SSLv3 Protocol Detection: port 8089 It was possible to detect the usage of the deprecated SSLv2 and/or SSLv3 protocol on this system. </CODE></PRE> <P>I have edited $SPLUNK_HOME/etc/system/local/inputs.conf</P> <PRE><CODE>[SSL] sslVersions = tls </CODE></PRE> <P>I have also edited $SPLUNK_HOME/etc/system/local/web.conf</P> <PRE><CODE>[settings] enableSplunkWebSSL = 1 sslVersions = tls </CODE></PRE> <P>After restarting the forwarder, another scan showed the same vulnerabilities. </P> <P>I need to know if these are the right files to change to prevent the splunk forwarder from using any protocol less than TLSv1.0</P> Thu, 10 Sep 2015 09:56:41 GMT https://community.splunk.com/t5/Getting-Data-In/Running-a-vulnerability-scan-on-my-CentOS-6-Splunk-forwarder-why/m-p/208788#M41127 terryjohn 2015-09-10T09:56:41Z https://community.splunk.com/t5/Getting-Data-In/Running-a-vulnerability-scan-on-my-CentOS-6-Splunk-forwarder-why/m-p/208789#M41128 <P>The settings you have chosen are for Splunk Web, not the management port (8089). You need to edit the <CODE>server.conf</CODE>. </P> <P>server.conf</P> <PRE><CODE> [sslConfig] sslVersions = tls </CODE></PRE> <P>The documentation is at <A href="http://docs.splunk.com/Documentation/Splunk/6.2.5/admin/Serverconf">http://docs.splunk.com/Documentation/Splunk/6.2.5/admin/Serverconf</A> . The relevant portion is below.</P> <PRE><CODE>[sslConfig] * Set SSL for communications on Splunk back-end under this stanza name. * NOTE: To set SSL (eg HTTPS) for Splunk Web and the browser, use web.conf. * Follow this stanza name with any number of the following attribute/value pairs. * If you do not specify an entry for each attribute, Splunk will use the default value. sslVersions = &lt;versions_list&gt; * Comma-separated list of SSL versions to support * The versions available are "ssl2", "ssl3", "tls1.0", "tls1.1", and "tls1.2" * The special version "*" selects all supported versions. The version "tls" selects all versions tls1.0 or newer * If a version is prefixed with "-" it is removed from the list * When configured in FIPS mode ssl2 and ssl3 are always disabled regardless of this configuration * Defaults to "*,-ssl2". (anything newer than SSLv2) </CODE></PRE> Thu, 10 Sep 2015 11:24:17 GMT https://community.splunk.com/t5/Getting-Data-In/Running-a-vulnerability-scan-on-my-CentOS-6-Splunk-forwarder-why/m-p/208789#M41128 alacercogitatus 2015-09-10T11:24:17Z https://community.splunk.com/t5/Getting-Data-In/Running-a-vulnerability-scan-on-my-CentOS-6-Splunk-forwarder-why/m-p/208790#M41129 <P>This fixed it, thanks.</P> <P>As an aside I realised a quicker way of testing it is to use the openssl connect</P> <PRE><CODE> openssl s_client -connect localhost:8089 -ssl2 </CODE></PRE> Thu, 10 Sep 2015 14:02:12 GMT https://community.splunk.com/t5/Getting-Data-In/Running-a-vulnerability-scan-on-my-CentOS-6-Splunk-forwarder-why/m-p/208790#M41129 terryjohn 2015-09-10T14:02:12Z