We continue to get the freak vulnerability security item show up on our scans and the ssl version of splunk was identified as an issue. Does the new install package remove the old ssl version or do I have to remove it manually?
Hi panzerkw,
you're asking actually two different things here.
The initial question was how can I verify which version of SSL it's using?
Answer: check out this answer https://answers.splunk.com/answers/134053/ciphersuite-in-various-conf-files.html or run this command $SPLUNK_HOME/bin/splunk cmd openssl version
The second question was Does the new install package remove the old ssl version or do I have to remove it manually?
Answer: Splunk's install package include all software components that Splunk require, so it will update the SSL version in $SPLUNK_HOME
not the one for the OS!
Hope this helps ...
cheers, MuS
Just to add to the wonderful comment above (thank you MuS), you will also find the version listed in the release notes, under third party software.
http://docs.splunk.com/Documentation/Splunk/6.2.6/ReleaseNotes/OpenSSL
Just in case you want to compare Splunk versions or confirm prior to installation.