Hi Splunkers!
i'm trying to configure SSL compression beetween Forwarders & Indexers with default cert but the compression seem doesn't working.
On Indexer splunkd.log the flag useCompression is set to N --> useCompression=N and don't write the line "INFO TcpInputProc - Port 9998 is compressed" (based on https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Validateyourconfiguration):
07-16-2019 12:18:06.615 +0200 DEBUG TcpInputConfig - stanza="SSL", rootCAPath="C:\Program Files\Splunk\etc\auth\cacert.pem", certFile="C:\Program Files\Splunk\etc\auth\server.pem", privateKeyFile="C:\Program Files\Splunk\etc\auth\server.pem", privateKeyPassword_set=Y, commonNameToCheck="", altNameToCheck="", allowSslRenegotiation=Y, sslVersions="SSL3,TLS1.0,TLS1.1,TLS1.2", cipherSuite="ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM", ecdhCurves="prime256v1, secp384r1, secp521r1", dhFile="", useCompression=N, quietShutdown=N
07-16-2019 12:18:06.625 +0200 DEBUG TcpInputConfig - Attempting to load token cache
07-16-2019 12:18:06.625 +0200 INFO TcpInputConfig - IPv4 port 9998 is reserved for splunk 2 splunk (SSL)
07-16-2019 12:18:06.625 +0200 INFO TcpInputConfig - IPv4 port 9998 will negotiate s2s protocol level 4
07-16-2019 12:18:06.626 +0200 DEBUG TcpInputConfig - global prop rdnsMaxDutyCycle=10
Any idea on what to check?
Thanks