How to validate/remediate RC4 ciphers within Splunk?

Champion

Hi,

One of our Splunk servers was flagged for using RC4 ciphers. How can I validate and then disable this option within Splunk? We are using 6.5.4.

Re: How to validate/remediate RC4 ciphers within Splunk?

Champion

Anyone?

Re: How to validate/remediate RC4 ciphers within Splunk?

SplunkTrust

Hi @a212830,

If you run the command below on Splunk, it will display that RC4 is present in SSLv3 only.

$SPLUNK_HOME/bin/splunk cmd openssl ciphers -v | grep RC4

So, based on that, if SSLv3 is not required, you can disable SSLv3 in 3 different files.

  1. For management port (Default port 8089) -> server.conf , under [sslConfig] stanza you can define sslVersions = *, -ssl2, -ssl3
  2. For receiver port (Indexer, Default port 9997) -> inputs.conf, under [SSL] stanza you can define sslVersions = *, -ssl2, -ssl3
  3. For splunkweb port (Default port 8000) -> web.conf, under [settings] stanza you can define sslVersions = *, -ssl2, -ssl3
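
An added example, not part of the original answer: a small audit that reads the three stanzas listed above and reports whether each `sslVersions` value still permits SSLv3. The function names and the sample conf text are constructed for illustration, and the token semantics ("*" selects all versions, a leading "-" removes one, removals win regardless of order) are an assumption about how Splunk evaluates the setting.

```python
import configparser

# (conf file, stanza) pairs named in the answer above.
TARGETS = [("server.conf", "sslConfig"), ("inputs.conf", "SSL"), ("web.conf", "settings")]


def ssl3_enabled(ssl_versions):
    """Return True if an sslVersions value still permits SSLv3.

    Assumed semantics: comma-separated tokens, "*" selects every version,
    a leading "-" removes one, and removals win regardless of order.
    """
    tokens = [t.strip().lower() for t in ssl_versions.split(",") if t.strip()]
    if "-ssl3" in tokens:
        return False
    return "*" in tokens or "ssl3" in tokens


def audit(confs):
    """confs maps file name -> conf text. Returns {(file, stanza): status}."""
    report = {}
    for fname, stanza in TARGETS:
        parser = configparser.RawConfigParser(strict=False)
        parser.optionxform = str  # keep key case: the setting is sslVersions
        parser.read_string(confs.get(fname, ""))
        if not parser.has_option(stanza, "sslVersions"):
            # Do not guess the default; it depends on the Splunk version.
            report[(fname, stanza)] = "unset (version default applies)"
        elif ssl3_enabled(parser.get(stanza, "sslVersions")):
            report[(fname, stanza)] = "SSLv3 allowed"
        else:
            report[(fname, stanza)] = "SSLv3 disabled"
    return report


# Constructed sample configs, not taken from a real deployment.
SAMPLE = {
    "server.conf": "[sslConfig]\nsslVersions = *, -ssl2, -ssl3\n",
    "inputs.conf": "[SSL]\nsslVersions = *, -ssl2\n",
    "web.conf": "[settings]\nenableSplunkWebSSL = true\n",
}

if __name__ == "__main__":
    for (fname, stanza), status in audit(SAMPLE).items():
        print(f"{fname} [{stanza}]: {status}")
```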


Re: How to validate/remediate RC4 ciphers within Splunk?

Ultra Champion

@a212830 - Would you accept this answer if it helped?

Re: How to validate/remediate RC4 ciphers within Splunk?

Champion

Done.

Hi Burch!