Getting Data In
Highlighted

Security audit finds ssl v2

Builder

openssl s_client -connect xx.xxx.xx.xx:9998 -ssl2

Added stanzas to indexer: 
path: etc/system/local/web.conf 
supportSSLV3Only = true 
path: etc/system/local/server.conf 
supportSSLV3Only = true 

What else do I need to stop the use of SSL version 2?

Tags (2)
Highlighted

Re: Security audit finds ssl v2

Builder

By the way, there is no handshake established when port 8089 is chosen, but I am trying to disable ssl v2 on a listening port for this indexer.

0 Karma
Highlighted

Re: Security audit finds ssl v2

Builder

You can also use supportSSLV3Only in your inputs.conf in the [SSL] stanza. Maybe go ahead and set some more secure ciphers while you're at it, something like:

[SSL]
supportSSLV3Only = true
cipherSuite = HIGH

However, keep in mind that if you're allowing connections from untrusted networks, you'll probably want to use forwarder to indexer authentication to protect your forwarders from connecting to a rogue indexer. There's pretty good information about how to do this in the About securing data from forwarders section of the documentation but it could add a lot of complexity to your environment. Good luck!

View solution in original post