Security
Highlighted

Issues using the ciphersuite = in the server.conf

Engager

Hello,

We are running Splunk 4.1.4 and I have enabled sslv3 and that works fine, however I am unable to specify (and make work) strong ciphers.

We need to specifically disable DES-CBC-SHA

When running btool debug I see the ciphers being specified but I still can connect to the web interface.

system     [SSL]
system     cipherSuite = HIGH:MEDIUM
system     [default]
voxeoui    [settings]
system     SSOMode = permissive

HELP!

Tags (3)
Highlighted

Re: Issues using the ciphersuite = in the server.conf

Splunk Employee
Splunk Employee

The cipher suite that you have specified in server.conf is effective for the SSL/TLS of splunkd's management port (port 8089 by default).

UPDATE: although in 4.0 through 4.2.5 it is not possible to specify a cipher suite for Splunk Web (port 8000 by default), in Splunk 4.3 and beyond, web.conf does accept the cipherSuite setting; see this link for more information.

View solution in original post

Highlighted

Re: Issues using the ciphersuite = in the server.conf

SplunkTrust
SplunkTrust

It looks like the most recent version of CherryPy (3.2: http://www.cherrypy.org/wiki/WhatsNewIn32#SSL) allows the use of the Python ssl module, which I believe would allow for the selection of cipher suites. Any word on when this support will be available in Splunk?

0 Karma
Highlighted

Re: Issues using the ciphersuite = in the server.conf

Splunk Employee
Splunk Employee

We cannot be specific about forthcoming release milestones, but suffice it to say that we understand the need to specify cipher suites in web.conf.

0 Karma
Highlighted

Re: Issues using the ciphersuite = in the server.conf

SplunkTrust
SplunkTrust
0 Karma