Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a way to disable SSL v2 for the forwarder mgmt port?

cjohn
Engager
‎06-03-2010 10:38 PM

The SSL implementation for the management port supports SSLv2, and this is adding a lot of noise to our vulnerability reports. Is there a way to disable SSLv2 for this?

Tags (1)
Reply

BastianW
Path Finder
‎07-24-2012 08:23 PM

thanks for sharing, we had the same issue here (The splunk forwarder installed on our server was listening to 8089). Did you saw some "side effects" once you changed that?

0 Karma
Reply

BastianW
Path Finder
‎06-11-2013 06:26 AM

Just an update here ... we changed that on the forwarder side and haven´t seen any issue so far.

0 Karma
Reply

deyeo
Path Finder
‎04-04-2011 02:23 AM

i've configured that in the local directory instead of the default directory. so how can we verify that it is indeed only SSL version 3?

Reply

deyeo
Path Finder
‎04-04-2011 09:11 AM

openssl s_client -connect x.x.x.x:xxxx -ssl2 -no_ssl3 -no_tls1

If SSLv2 is not supported, it should give some error like this:

Loading 'screen' into random state - done
CONNECTED(00000774)
5708:error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher:.\ssl\s2_pkt.c:682:
5708:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:.\ssl\s2_pkt.c:430:

Reply

gkanapathy
Splunk Employee
Splunk Employee
‎06-04-2010 03:07 PM

http://www.splunk.com/base/Documentation/latest/Admin/Serverconf

note settings under [sslConfig]:

supportSSLV3Only = <true|false>
        * If true, tells the HTTP server to only accept connections
        * from SSLv3 clients.
        * Default is false.
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...