Verifying TLS 1.2 Cipher suites disabled?

sonicZ · ‎06-04-2022

We have a PCI requirement to disable TLS1.1 or TLS1.0 cipher suites such as

- TLSv1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA

- TLSv1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLSv1.0 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- TLSv1.0 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- TLSv1.1 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

- TLSv1.1 TLS_DHE_RSA_WITH_AES_128_CBC_SHA

- TLSv1.1 TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Among others...

I checked a few docs and tested disabling anything less then TLS 1.2 in

sslVersions =  tls1.2

https://docs.splunk.com/Documentation/Splunk/8.2.6/Security/SetyourSSLversion

How can i be sure the above cipher suites are disabled and TLS 1.2 is the only allowed?

from previous posts i read we can use openssl to test via and look for any errors or the full certificate response if its open?
openssl s_client -connect ipaddress:port -tls1_1our currrent server.conf is as follows

Here is our current server.conf

[sslConfig]
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

sonicZ · ‎06-07-2022

I do see this document describes configuration of using TLS 1.2 cipher suites that are marked secure by PCI requirements.
Just looking to understand the ramifications of connectivity if i do change the web.conf and server.conf with the values listed in this link
Would we also have to update our certificates if we use the specific ciphers?
https://docs.splunk.com/Documentation/Splunk/8.2.6/Security/Ciphersuites

Verifying TLS 1.2 Cipher suites disabled?

SSL

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?