Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I remediate "Nessus ID 42873"?

araitz
Splunk Employee
Splunk Employee
‎04-06-2010 05:35 PM

What do I do if a Nessus vulnerability scan reports the "Nessus ID 42873 - SSL Medium Strength Cipher Suites Supported" vulnerability against my Splunk Web TCP port that is configured to use HTTPS?

Reply
1 Solution
Solved! Jump to solution
Solution

araitz
Splunk Employee
Splunk Employee
‎04-06-2010 05:36 PM

You can set SSLv3 only mode via web.conf, but keep in mind that this may create an issue with legacy systems/browsers attempting to access Splunk Web:

http://docs.splunk.com/Documentation/Splunk/5.0/Admin/Webconf

supportSSLV3Only = [True | False]

  • Allow only SSLv3 connections if true
  • NOTE: Enabling this may cause some browsers problems

UPDATE: Splunk 4.3+ supports a cipher list parameter in web.conf that allows you to specify that Splunk Web should only use certain cipher suites:

http://blogs.splunk.com/2012/01/10/splunk4-3-shiny-new-security-features/

View solution in original post

Reply
Solved! Jump to solution

Greg_LeBlanc
Path Finder
‎08-31-2011 11:52 AM

You could also you the cipherSuite stanza in conjunction with the supportSSLV3Only stanza. 

supportSSLV3Only = true
cipherSuite = ALL:!EXP:!LOW:!ADH:!RC4:!SSLv2
Reply
Solved! Jump to solution
Solution

araitz
Splunk Employee
Splunk Employee
‎04-06-2010 05:36 PM

You can set SSLv3 only mode via web.conf, but keep in mind that this may create an issue with legacy systems/browsers attempting to access Splunk Web:

http://docs.splunk.com/Documentation/Splunk/5.0/Admin/Webconf

supportSSLV3Only = [True | False]

  • Allow only SSLv3 connections if true
  • NOTE: Enabling this may cause some browsers problems

UPDATE: Splunk 4.3+ supports a cipher list parameter in web.conf that allows you to specify that Splunk Web should only use certain cipher suites:

http://blogs.splunk.com/2012/01/10/splunk4-3-shiny-new-security-features/

Reply
Solved! Jump to solution

peter_white
New Member
‎03-07-2011 05:00 PM

Did you find an answer to this one I am running into this same issue. I have "supportSSLV3Only = True" turned on but am seeing that same Nessus vulnerability during my scans.

0 Karma
Reply
Solved! Jump to solution

ddholstadz
Explorer
‎10-20-2010 06:28 PM

I have set it to sslv3 only, but now I get an error based on key size?

Plugin Output Here is the only medium strength SSL cipher supported by the remote server :

Medium Strength Ciphers (>= 56-bit and < 112-bit key) SSLv3 DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1

The fields above are :

{OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...