Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why am I getting Invalid key in stanza [sslConfig] in server.conf for slVersionsForClient?

rholm01
Explorer
‎04-09-2019 05:08 PM

[sslConfig]
sslVersions = *,-ssl2
slVersionsForClient = *,-ssl2

Per the documentation
* The syntax is the same as the 'sslVersions' setting above.

Those entries are identical, so I don't understand why I am getting an error for one and not both.

Tags (1)
0 Karma
Reply

ragedsparrow
Contributor
‎04-09-2019 06:21 PM

So, from the spec file:

sslVersions = <versions_list>
* Comma-separated list of SSL versions to support for incoming connections.
* The versions available are "ssl3", "tls1.0", "tls1.1", and "tls1.2".
* The special version "*" selects all supported versions.  
  The version "tls"
  selects all versions tls1.0 or newer.
* If a version is prefixed with "-" it is removed from the list.
* SSLv2 is always disabled; "-ssl2" is accepted in the version list 
  but does nothing.
* When configured in FIPS mode, "ssl3" is always disabled regardless
  of this configuration.
* Default: The default can vary. See the 'sslVersions' setting in 
  the $SPLUNK_HOME/etc/system/default/server.conf file for the 
  curent default.

If you are trying to restrict ssl2, there is no reason to modify the sslVersion or sslVersionsForClient settings. However. Where I think your syntax is wrong is that you have a preceding comma, but nothing in front of it:

[sslConfig]
sslVersions = ,-ssl2
slVersionsForClient = ,-ssl2

I tested the following and had no issue:

[sslConfig]
sslVersions = -ssl2
sslVersionsForClient = -ssl2

It also appears there may be a typo in yours as well; You had slVersionsForClient instead of sslVersionsForClient

0 Karma
Reply
Get Updates on the Splunk Community!

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

The new SOC4Kafka connector, built on OpenTelemetry, enables the collection of Kafka messages and forwards ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Building Momentum: Splunk Developer Program at .conf25

At Splunk, developers are at the heart of innovation. That’s why this year at .conf25, we officially launched ...