Security

How do I remediate "Nessus ID 42873"?

Splunk Employee
Splunk Employee

What do I do if a Nessus vulnerability scan reports the "Nessus ID 42873 - SSL Medium Strength Cipher Suites Supported" vulnerability against my Splunk Web TCP port that is configured to use HTTPS?

1 Solution

Splunk Employee
Splunk Employee

You can set SSLv3 only mode via web.conf, but keep in mind that this may create an issue with legacy systems/browsers attempting to access Splunk Web:

http://docs.splunk.com/Documentation/Splunk/5.0/Admin/Webconf

supportSSLV3Only = [True | False]

  • Allow only SSLv3 connections if true
  • NOTE: Enabling this may cause some browsers problems

UPDATE: Splunk 4.3+ supports a cipher list parameter in web.conf that allows you to specify that Splunk Web should only use certain cipher suites:

http://blogs.splunk.com/2012/01/10/splunk4-3-shiny-new-security-features/

View solution in original post

Path Finder

You could also you the cipherSuite stanza in conjunction with the supportSSLV3Only stanza.

supportSSLV3Only = true
cipherSuite = ALL:!EXP:!LOW:!ADH:!RC4:!SSLv2

Splunk Employee
Splunk Employee

You can set SSLv3 only mode via web.conf, but keep in mind that this may create an issue with legacy systems/browsers attempting to access Splunk Web:

http://docs.splunk.com/Documentation/Splunk/5.0/Admin/Webconf

supportSSLV3Only = [True | False]

  • Allow only SSLv3 connections if true
  • NOTE: Enabling this may cause some browsers problems

UPDATE: Splunk 4.3+ supports a cipher list parameter in web.conf that allows you to specify that Splunk Web should only use certain cipher suites:

http://blogs.splunk.com/2012/01/10/splunk4-3-shiny-new-security-features/

View solution in original post

New Member

Did you find an answer to this one I am running into this same issue. I have "supportSSLV3Only = True" turned on but am seeing that same Nessus vulnerability during my scans.

0 Karma

Explorer

I have set it to sslv3 only, but now I get an error based on key size?

Plugin Output Here is the only medium strength SSL cipher supported by the remote server :

Medium Strength Ciphers (>= 56-bit and < 112-bit key) SSLv3 DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1

The fields above are :

{OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

0 Karma