Enable TLS1.2 for splunk 6.5.3

Path Finder

Hi Splunkers,

I am receiving a vulnerability on all my splunk servers saying that

The PCI Data Security Standard requires a minimum of TLS v1.1 and recommends TLS v1.2. In addition, FIPS 140-2 standard requires a minimum of TLS v1.1 and recommends TLS v1.2.

Configure the server to require clients to use TLS version 1.2 using Authenticated Encryption with Associated Data (AEAD) capable ciphers for ports 2222 and 443

I tried looking into some files within splunk like outputs.conf, inputs.conf, server.conf etc

I am unsure which files needs to be changed and is it the same process on indexes, deployment server, forwarders and search heads.

Could you please suggest?

Note: I tried changing the server.conf file on the search heads and restarted the splunk processes but it did not helped. I added the below line
sslVersions = tls1.2

and tested it via the below command but i see still its running tlsv1
openssl s_client -connect xxxxx002:443 -tls1


Labels (2)
Tags (2)
0 Karma



I'll suggest you to upgrade from Splunk 6.5.3 to 7.3.x or 8.0.x version. Splunk 6.5.x is out of support now. Have a look at Network port diagram and accordingly you need to change ssl config in different conf files.

In general

  1. For port 8000 - web.conf
  2. For port 9997 - inputs.conf
  3. For port 8089 - server.conf
0 Karma