Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Deployment Architecture
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- How to valite/remediate RC4 ciphers within Splunk?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a212830
Champion
02-02-2018
07:15 AM
Hi,
One of our Splunk servers was flagged for using RC4 ciphers. How can I validate and then disable this option within Splunk? We are using 6.5.4..
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
02-05-2018
07:07 AM
Hi @a212830,
If you run below command on splunk then it will display that RC4 is present in SSLv3 only.
$SPLUNK_HOME/bin/splunk cmd openssl ciphers -v | grep RC4
So based on that if SSLv3 is not require then you can disable SSLv3 in 3 different files.
- For management port (Default port 8089) -> server.conf , under
[sslConfig]stanza you can definesslVersions = *, -ssl2, -ssl3 - For receiver port (Indexer, Default port 9997) -> inputs.conf, under
[SSL]stanza you can definesslVersions = *, -ssl2, -ssl3 - For splunkweb port (Default port 8000) -> web.conf, under
[settings]stanza you can definesslVersions = *, -ssl2, -ssl3
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
02-05-2018
07:07 AM
Hi @a212830,
If you run below command on splunk then it will display that RC4 is present in SSLv3 only.
$SPLUNK_HOME/bin/splunk cmd openssl ciphers -v | grep RC4
So based on that if SSLv3 is not require then you can disable SSLv3 in 3 different files.
- For management port (Default port 8089) -> server.conf , under
[sslConfig]stanza you can definesslVersions = *, -ssl2, -ssl3 - For receiver port (Indexer, Default port 9997) -> inputs.conf, under
[SSL]stanza you can definesslVersions = *, -ssl2, -ssl3 - For splunkweb port (Default port 8000) -> web.conf, under
[settings]stanza you can definesslVersions = *, -ssl2, -ssl3
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sloshburch
Ultra Champion
02-06-2018
05:12 AM
@a212830 - Would you accept this answer if it helped?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a212830
Champion
02-14-2018
04:42 AM
Done.
Hi Burch!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a212830
Champion
02-05-2018
06:35 AM
Anyone?
Get Updates on the Splunk Community!
[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events
This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
🚀 Your data just got a serious AI upgrade — are you ready?
Say hello to the Agentic Era with the ...
Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
