Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I remediate "Nessus ID 42873"?

araitz
Splunk Employee
Splunk Employee
‎04-06-2010 05:35 PM

What do I do if a Nessus vulnerability scan reports the "Nessus ID 42873 - SSL Medium Strength Cipher Suites Supported" vulnerability against my Splunk Web TCP port that is configured to use HTTPS?

Reply
1 Solution
Solved! Jump to solution
Solution

araitz
Splunk Employee
Splunk Employee
‎04-06-2010 05:36 PM

You can set SSLv3 only mode via web.conf, but keep in mind that this may create an issue with legacy systems/browsers attempting to access Splunk Web:

http://docs.splunk.com/Documentation/Splunk/5.0/Admin/Webconf

supportSSLV3Only = [True | False]

  • Allow only SSLv3 connections if true
  • NOTE: Enabling this may cause some browsers problems

UPDATE: Splunk 4.3+ supports a cipher list parameter in web.conf that allows you to specify that Splunk Web should only use certain cipher suites:

http://blogs.splunk.com/2012/01/10/splunk4-3-shiny-new-security-features/

View solution in original post

Reply
Solved! Jump to solution

Greg_LeBlanc
Path Finder
‎08-31-2011 11:52 AM

You could also you the cipherSuite stanza in conjunction with the supportSSLV3Only stanza. 

supportSSLV3Only = true
cipherSuite = ALL:!EXP:!LOW:!ADH:!RC4:!SSLv2
Reply
Solved! Jump to solution
Solution

araitz
Splunk Employee
Splunk Employee
‎04-06-2010 05:36 PM

You can set SSLv3 only mode via web.conf, but keep in mind that this may create an issue with legacy systems/browsers attempting to access Splunk Web:

http://docs.splunk.com/Documentation/Splunk/5.0/Admin/Webconf

supportSSLV3Only = [True | False]

  • Allow only SSLv3 connections if true
  • NOTE: Enabling this may cause some browsers problems

UPDATE: Splunk 4.3+ supports a cipher list parameter in web.conf that allows you to specify that Splunk Web should only use certain cipher suites:

http://blogs.splunk.com/2012/01/10/splunk4-3-shiny-new-security-features/

Reply
Solved! Jump to solution

peter_white
New Member
‎03-07-2011 05:00 PM

Did you find an answer to this one I am running into this same issue. I have "supportSSLV3Only = True" turned on but am seeing that same Nessus vulnerability during my scans.

0 Karma
Reply
Solved! Jump to solution

ddholstadz
Explorer
‎10-20-2010 06:28 PM

I have set it to sslv3 only, but now I get an error based on key size?

Plugin Output Here is the only medium strength SSL cipher supported by the remote server :

Medium Strength Ciphers (>= 56-bit and < 112-bit key) SSLv3 DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1

The fields above are :

{OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...