Hi Team,
SSLv3.0/TLSv1.0 Protocol Weak CBC Mode vulnerability have been identified on Splunk during internal scan.
The internal PA team asked us to upgrade to TLSv1.1 or TLSv1.2,if not possible to upgrade they asked us to disable CBC mode ciphers.
It could be better if you could guide us to fix the issue.strong text
Regards,
Shiva
Just an update to make sure people use the current options: (v7.3+)
https://docs.splunk.com/Documentation/Splunk/latest/Security/Ciphersuites
HTH,
Holger
For Splunkd (port 8089 by default) - the proper setting of cipher suites is in server.conf
under the sslConfig
stanza, set the cipherSuite
option using a valid OpenSSL cipher suite specification. See http://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf
For splunkweb, there are similar settings in web.conf
.
Hi dawadle,
I would like to know how we can replace SSL version to TLS version.
I guess by default splunk is using SSL encryption.
Please advice.
Thanks and Regards,
Shiva