Hi,
One of our Splunk servers was flagged for using RC4 ciphers. How can I validate and then disable this option within Splunk? We are using 6.5.4..
Hi @a212830,
If you run below command on splunk then it will display that RC4 is present in SSLv3 only.
$SPLUNK_HOME/bin/splunk cmd openssl ciphers -v | grep RC4
So based on that if SSLv3 is not require then you can disable SSLv3 in 3 different files.
[sslConfig]
stanza you can define sslVersions = *, -ssl2, -ssl3
[SSL]
stanza you can define sslVersions = *, -ssl2, -ssl3
[settings]
stanza you can define sslVersions = *, -ssl2, -ssl3
Hi @a212830,
If you run below command on splunk then it will display that RC4 is present in SSLv3 only.
$SPLUNK_HOME/bin/splunk cmd openssl ciphers -v | grep RC4
So based on that if SSLv3 is not require then you can disable SSLv3 in 3 different files.
[sslConfig]
stanza you can define sslVersions = *, -ssl2, -ssl3
[SSL]
stanza you can define sslVersions = *, -ssl2, -ssl3
[settings]
stanza you can define sslVersions = *, -ssl2, -ssl3
@a212830 - Would you accept this answer if it helped?
Done.
Hi Burch!
Anyone?