I am receiving a vulnerability on all my splunk servers saying that
IssueThe PCI Data Security Standard requires a minimum of TLS v1.1 and recommends TLS v1.2. In addition, FIPS 140-2 standard requires a minimum of TLS v1.1 and recommends TLS v1.2.
ResolutionConfigure the server to require clients to use TLS version 1.2 using Authenticated Encryption with Associated Data (AEAD) capable ciphers for ports 2222 and 443
I tried looking into some files within splunk like outputs.conf, inputs.conf, server.conf etchttps://docs.splunk.com/Documentation/Splunk/8.0.3/Security/AboutTLSencryptionandciphersuites
I am unsure which files needs to be changed and is it the same process on indexes, deployment server, forwarders and search heads.
Could you please suggest?
Note: I tried changing the server.conf file on the search heads and restarted the splunk processes but it did not helped. I added the below linesslVersions = tls1.2
and tested it via the below command but i see still its running tlsv1openssl s_client -connect xxxxx002:443 -tls1
I'll suggest you to upgrade from Splunk 6.5.3 to 7.3.x or 8.0.x version. Splunk 6.5.x is out of support now. Have a look at Network port diagram https://docs.splunk.com/Documentation/Splunk/8.0.4/InheritedDeployment/Ports and accordingly you need to change ssl config in different conf files.