Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

The remote service allows repeated renegotiation of TLS / SSL connections.

BastianW
Path Finder
‎07-24-2012 08:34 PM

Our Nessus scan is currently mention the following issues for a service running on port 8089 (which is the splunk forwarder). The complete issue is:

*Synopsis:
The remote service allows repeated renegotiation of TLS / SSL connections.



Description
:
The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition.



Solution
:
Contact the vendor for specific patch information.*

How can we solve that?

Tags (3)
0 Karma
Reply

jamesphilput
Engager
‎10-29-2012 07:29 AM

Were you able to find a solution to this problem? I'm seeing the same issue with the most recent Universal Forwarder software.

Reply

BastianW
Path Finder
‎07-25-2012 04:46 AM

I have installed splunkforwarder-4.3.3-128297-x64-release.msi and this didn´t fix the issue (I also use "supportSSLV3Only = true" in my config).

In the Splunk Product Security Policy I couldn´t also not found anything which is related to the issue above. The issue you refer to seamed to be a "old" SSL issue which didn´t apply here.

0 Karma
Reply

BastianW
Path Finder
‎12-13-2012 11:27 PM

Just updated to Splunk Forwarder 5.0.1 and I still have the same issue.

0 Karma
Reply

MarioM
Motivator
‎07-25-2012 10:51 AM

Then i would advise you to open a support case

0 Karma
Reply

MarioM
Motivator
‎07-24-2012 10:52 PM

Here Splunk Product Security Policy you will find the procedure.

And it seems to be fixed in 4.2.3 and above SPL40645

0 Karma
Reply
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...