Getting Data In
Highlighted

Can a Splunk indexer accept ssl and non-ssl connections on the same port?

Motivator

I only need to have some of my forwarder's use SSL. Can I use the same port on my splunk server for ssl and non-ssl forwarder connections?

Tags (3)
Highlighted

Re: Can a Splunk indexer accept ssl and non-ssl connections on the same port?

Motivator

No, the splunktcp ssl port will only accept ssl connections. You'll need another splunktcp port to accept non-ssl forwarder connections.

Highlighted

Re: Can a Splunk indexer accept ssl and non-ssl connections on the same port?

Explorer

SSL is by its very nature an endpoint to endpoint protocol. The encrypted connection is established before any identifying traffic passes in either direction (other than the certificate exchange). You can never share encrypted and unencrypted traffic on the same server port.

Highlighted

Re: Can a Splunk indexer accept ssl and non-ssl connections on the same port?

Contributor

By the same token, Apache Webserver cannot accept ssl and non-ssl traffic on the same port. This is why we use port 80 for non-ssl and port 443 for ssl.