https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76023#M181442 <P>Is it only necessary to set 'supportSSLV3Only = true' in web.conf if enableSplunkWebSSL is also set to "true"? We do not currently have enableSplunkWebSSL defined so, based on the documentation, it appears enableSplunkWebSSL is "false" by default.</P> Tue, 16 Apr 2013 17:06:48 GMT kenshuff 2013-04-16T17:06:48Z https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76017#M181436 <P>We have Splunk 4.2.3 installed on some Linux hardened servers. Our Security team recently ran some scans and expressed concern regarding SSL on port 8089. After researching we determined that this port is used for Splunk deployment communication. </P> <P>It seems that their concern is that the SSL version is too low. They would like to see at least version v3TL1. </P> <P>I'm not very familiar with SSL. Could you tell me what SSL version Splunk uses? Is it possible to upgrade? What version of SSL does 4.3 use? </P> <P>Thanks, </P> Tue, 21 Feb 2012 18:13:58 GMT https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76017#M181436 Mick 2012-02-21T18:13:58Z https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76018#M181437 <P>Splunk 4.3 uses OpenSSL version 0.9.8r (<A href="http://docs.splunk.com/Documentation/Splunk/4.3/ReleaseNotes/openssl">http://docs.splunk.com/Documentation/Splunk/4.3/ReleaseNotes/OpenSSL)</A>. OpenSSL implements SSL v2/v3 and TLS v1 (<A href="http://www.openssl.org/">http://www.openssl.org/</A> ).</P> Tue, 21 Feb 2012 18:21:08 GMT https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76018#M181437 ChrisG 2012-02-21T18:21:08Z https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76019#M181438 <P>Not sure what V3TL1 is. Looking at their OpenSSL's tarball repository, while 0.9.8r is a year old there's only 2 later versions of 0.9.8 available, and a couple 1.0.0 releases.</P> <P>Are you sure it's OpenSSL versions, rather than supported/allowed cipher suites?</P> Tue, 21 Feb 2012 21:32:51 GMT https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76019#M181438 mikelanghorst 2012-02-21T21:32:51Z https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76020#M181439 <P>After further discussions it seems that the issue is that the security scan found the deployment port to be using SSL version 2. Is there a way to control what version of SSL is used? Can we make a parameter change to force SSL version 3 to be used? Thanks.</P> Fri, 24 Feb 2012 18:22:41 GMT https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76020#M181439 kenshuff 2012-02-24T18:22:41Z https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76021#M181440 <P>Yes, you can. To disable SSLv2 and tell the HTTP server to only accept connections from SSLv3 clients, set the supportSSLV3Only attribute in server.conf to true. By default, this setting is false. This information comes from <A href="http://docs.splunk.com/Documentation/Splunk/4.3/admin/SecureAccessToYourSplunkServerWithSSL#Disable_SSLv2">Secure Access to your Splunk Server</A> in the Admin Manual.</P> Fri, 24 Feb 2012 19:36:21 GMT https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76021#M181440 ChrisG 2012-02-24T19:36:21Z https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76022#M181441 <P>In order to completely disable SSLv2 on the Splunk WebUI you must modify two files. Making the change in only the /opt/splunk/etc/system/default/server.conf does not disable SSLv2. You must also make the same 'supportSSLV3Only = true' edit to the /opt/splunk/etc/system/default/web.conf file. We continued to see the SSLv2 vulnerability until we made the change to the server.conf AND web.conf file.</P> Fri, 12 Apr 2013 19:06:59 GMT https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76022#M181441 smixsonfujitsu 2013-04-12T19:06:59Z https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76023#M181442 <P>Is it only necessary to set 'supportSSLV3Only = true' in web.conf if enableSplunkWebSSL is also set to "true"? We do not currently have enableSplunkWebSSL defined so, based on the documentation, it appears enableSplunkWebSSL is "false" by default.</P> Tue, 16 Apr 2013 17:06:48 GMT https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76023#M181442 kenshuff 2013-04-16T17:06:48Z https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76024#M181443 <P>Never make changes to the files in default! Always make changes to the equivalent file in the local space, in this case /opt/splunk/etc/system/server.conf and web.conf. Making changes in default may be overridden when Splunk is upgraded. See <A href="http://docs.splunk.com/Documentation/Splunk/6.0.1/Admin/Howtoeditaconfigurationfile">http://docs.splunk.com/Documentation/Splunk/6.0.1/Admin/Howtoeditaconfigurationfile</A></P> Mon, 27 Jan 2014 21:05:46 GMT https://community.splunk.com/t5/Splunk-Search/What-version-of-SSL-does-splunkd-use/m-p/76024#M181443 ckurtz 2014-01-27T21:05:46Z