We were recently flagged for supporting SSLv2, and we want to change our systems to only support TLS. We run Splunk 6.5.4 on Linux, and the majority of our forwarders are version 6.3.11 and above, with a couple of 6.2 forwarders.
My thought was the since the forwarders are not configured to use a specific version of SSL, I should be able to change the indexers to only use TLS, and the forwarder will still be able to determine the change and communicate. Is that accurate? Or will they all need to be restarted? Or, do I need to coordinate this in great detail?