Security

Is there a way to disable SSL v2 for the forwarder mgmt port?

cjohn
Engager

The SSL implementation for the management port supports SSLv2, and this is adding a lot of noise to our vulnerability reports. Is there a way to disable SSLv2 for this?

Tags (1)

BastianW
Path Finder

thanks for sharing, we had the same issue here (The splunk forwarder installed on our server was listening to 8089). Did you saw some "side effects" once you changed that?

0 Karma

BastianW
Path Finder

Just an update here ... we changed that on the forwarder side and haven´t seen any issue so far.

0 Karma

deyeo
Path Finder

i've configured that in the local directory instead of the default directory. so how can we verify that it is indeed only SSL version 3?

deyeo
Path Finder

openssl s_client -connect x.x.x.x:xxxx -ssl2 -no_ssl3 -no_tls1

If SSLv2 is not supported, it should give some error like this:

Loading 'screen' into random state - done
CONNECTED(00000774)
5708:error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher:.\ssl\s2_pkt.c:682:
5708:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:.\ssl\s2_pkt.c:430:

gkanapathy
Splunk Employee
Splunk Employee

http://www.splunk.com/base/Documentation/latest/Admin/Serverconf

note settings under [sslConfig]:

supportSSLV3Only = <true|false>
        * If true, tells the HTTP server to only accept connections
        * from SSLv3 clients.
        * Default is false.
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...