The SSL implementation for the management port supports SSLv2, and this is adding a lot of noise to our vulnerability reports. Is there a way to disable SSLv2 for this?
thanks for sharing, we had the same issue here (The splunk forwarder installed on our server was listening to 8089). Did you saw some "side effects" once you changed that?
Just an update here ... we changed that on the forwarder side and haven´t seen any issue so far.
i've configured that in the local directory instead of the default directory. so how can we verify that it is indeed only SSL version 3?
openssl s_client -connect x.x.x.x:xxxx -ssl2 -no_ssl3 -no_tls1
If SSLv2 is not supported, it should give some error like this:
Loading 'screen' into random state - done
CONNECTED(00000774)
5708:error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher:.\ssl\s2_pkt.c:682:
5708:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:.\ssl\s2_pkt.c:430:
http://www.splunk.com/base/Documentation/latest/Admin/Serverconf
note settings under [sslConfig]
:
supportSSLV3Only = <true|false>
* If true, tells the HTTP server to only accept connections
* from SSLv3 clients.
* Default is false.