We were recently flagged for supporting SSLv2, and we want to change our systems to only support TLS. We run Splunk 6.5.4 on Linux, and the majority of our forwarders are version 6.3.11 and above, with a couple of 6.2 forwarders.
My thought was the since the forwarders are not configured to use a specific version of SSL, I should be able to change the indexers to only use TLS, and the forwarder will still be able to determine the change and communicate. Is that accurate? Or will they all need to be restarted? Or, do I need to coordinate this in great detail?
So, you'll want to sanity check against http://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwith... but regardless of what you see in the docs, you def want to test this before rolling it out to make sure that your understanding of the docs match up what the behavior they intended to document.
Anyone?