Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What protocol is used for the SSL connection between the Splunk forwarder and index?

Meterman
New Member
‎01-12-2017 07:36 AM

I would like to know what protocols / ciphers are used for the ssl connection. Is it SSLv3, TLS1.0, TLS1.1 or TLS1.2?
Is that determined by the OS or Splunk?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hunters_splunk
Splunk Employee
Splunk Employee
‎01-12-2017 08:52 AM

Hi Meterman,

The default SSL version is tls1.2, but these versions are all supported: "ssl3", "tls1.0", "tls1.1", and "tls1.2".

You can specify the SSL version in authentication.conf and server.conf

authentication.conf

sslVersions = <versions_list>
* OPTIONAL
* Comma-separated list of SSL versions to support.
* The versions available are "ssl3", "tls1.0", "tls1.1", and "tls1.2"
* If not set, defaults to the setting in server.conf.

server.conf

sslVersions = <versions_list>
* OPTIONAL
* Comma-separated list of SSL versions to support.
* The versions available are "ssl3", "tls1.0", "tls1.1", and "tls1.2"
* If not set, defaults to the setting in server.conf.

Hope this helps. Thanks!
Hunter

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

hunters_splunk
Splunk Employee
Splunk Employee
‎01-12-2017 08:52 AM

Hi Meterman,

The default SSL version is tls1.2, but these versions are all supported: "ssl3", "tls1.0", "tls1.1", and "tls1.2".

You can specify the SSL version in authentication.conf and server.conf

authentication.conf

sslVersions = <versions_list>
* OPTIONAL
* Comma-separated list of SSL versions to support.
* The versions available are "ssl3", "tls1.0", "tls1.1", and "tls1.2"
* If not set, defaults to the setting in server.conf.

server.conf

sslVersions = <versions_list>
* OPTIONAL
* Comma-separated list of SSL versions to support.
* The versions available are "ssl3", "tls1.0", "tls1.1", and "tls1.2"
* If not set, defaults to the setting in server.conf.

Hope this helps. Thanks!
Hunter

0 Karma
Reply
Solved! Jump to solution

hunters_splunk
Splunk Employee
Splunk Employee
‎01-12-2017 08:54 AM

server.conf
sslVersions =
* Comma-separated list of SSL versions to connect to 'url' (https://apps.splunk.com).
* The versions available are "ssl3", "tls1.0", "tls1.1", and "tls1.2".
* The special version "*" selects all supported versions. The version "tls"
selects all versions tls1.0 or newer.
* If a version is prefixed with "-" it is removed from the list.
* SSLv2 is always disabled; "-ssl2" is accepted in the version list but does nothing.
* When configured in FIPS mode, ssl3 is always disabled regardless
of this configuration.
* Defaults to "tls1.2".

0 Karma
Reply
Solved! Jump to solution

Meterman
New Member
‎01-12-2017 08:55 AM

Thankyou very much. That is great information!

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...