Security
Highlighted

Enable TLS1.2 for splunk 6.5.3

New Member

Hi Splunkers,

I am receiving a vulnerability on all my splunk servers saying that

Issue
The PCI Data Security Standard requires a minimum of TLS v1.1 and recommends TLS v1.2. In addition, FIPS 140-2 standard requires a minimum of TLS v1.1 and recommends TLS v1.2.

Resolution
Configure the server to require clients to use TLS version 1.2 using Authenticated Encryption with Associated Data (AEAD) capable ciphers for ports 2222 and 443

I tried looking into some files within splunk like outputs.conf, inputs.conf, server.conf etc
https://docs.splunk.com/Documentation/Splunk/8.0.3/Security/AboutTLSencryptionandciphersuites

I am unsure which files needs to be changed and is it the same process on indexes, deployment server, forwarders and search heads.

Could you please suggest?

Note: I tried changing the server.conf file on the search heads and restarted the splunk processes but it did not helped. I added the below line
sslVersions = tls1.2

and tested it via the below command but i see still its running tlsv1
openssl s_client -connect xxxxx002:443 -tls1

Thanks,
Amit

Labels (2)
Tags (2)
0 Karma
Highlighted

Re: Enable TLS1.2 for splunk 6.5.3

SplunkTrust
SplunkTrust

Hi,

I'll suggest you to upgrade from Splunk 6.5.3 to 7.3.x or 8.0.x version. Splunk 6.5.x is out of support now. Have a look at Network port diagram https://docs.splunk.com/Documentation/Splunk/8.0.4/InheritedDeployment/Ports and accordingly you need to change ssl config in different conf files.

In general

  1. For port 8000 - web.conf
  2. For port 9997 - inputs.conf
  3. For port 8089 - server.conf
0 Karma