SSL anonymous ciphers supported



We are using the Tenable Infrastructure Vulnerability scanner to scan regularly our complete infrastructure. Tenable reports following findings for the Splunk Server Ports: SSL Anonymous Cipher Suites Supported

Please find below the plugin output:

The following is a list of SSL anonymous ciphers supported by the remote TCP server :

  High Strength Ciphers (>= 112-bit key)

    Name                          Code             KEX           Auth     Encryption             MAC

    ----------------------        ----------       ---           ----     ---------------------  ---

    AECDH-AES128-SHA              0xC0, 0x18       ECDH          None     AES-CBC(128)           SHA1

    AECDH-AES256-SHA              0xC0, 0x19       ECDH          None     AES-CBC(256)           SHA1

The fields above are :

  {Tenable ciphername}

  {Cipher ID code}

  Kex={key exchange}


  Encrypt={symmetric encryption method}

  MAC={message authentication code}

  {export flag}


Could you please advise how to adjust the SSL Splunk configuration to fix this issue? Can this be fixed by setting certain value to cipherSuite in server.conf?

The above issue is reported for the ports (2)8191 and (2)8089. 

Our server.conf (local) looks as follows:

port = 28191

master_uri =

# Workaround to overcome the connection issues to the license server

# To address Vulnerability Scan:
sslVersions = tls1.2
sslVersionsForClient = *,-ssl2
enableSplunkdSSL = true
serverCert = /etc/apache2/splunk.pem

# Workaround to overcome the connection issues to the license server
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

# To address Vulnerability Scan:
allowSslCompression = false
useClientSSLCompression = false
useSplunkdClientSSLCompression = false

sslPassword = xxx

pass4SymmKey = xxx
trustedIP =


The cipherSuite in server.conf (default) looks as follows:

sslVersions = tls1.2
ecdhCurves = prime256v1, secp384r1, secp521r1


Could you please advice?

Kind regards,


Labels (1)
0 Karma
1 Solution


The solution is:

cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:!aNULL:@STRENGTH

View solution in original post

0 Karma


The solution is:

cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:!aNULL:@STRENGTH
0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...