Security

Verifying TLS 1.2 Cipher suites disabled?

sonicZ
Contributor

We have a PCI requirement to disable TLS1.1 or TLS1.0 cipher suites such as

- TLSv1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLSv1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLSv1.0 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- TLSv1.0 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- TLSv1.1 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- TLSv1.1 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLSv1.1 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Among others...
 
I checked a few docs and tested disabling anything less then TLS 1.2 in
sslVersions =  tls1.2
https://docs.splunk.com/Documentation/Splunk/8.2.6/Security/SetyourSSLversion
 
How can i be sure the above cipher suites are disabled and TLS 1.2 is the only allowed?
from previous posts i read we can use openssl to test via and look for any errors or the full certificate response if its open?
openssl s_client -connect ipaddress:port -tls1_1our currrent server.conf is as follows

Here is our current server.conf
[sslConfig]
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH
Labels (1)
Tags (2)
0 Karma

sonicZ
Contributor

I do see this document describes configuration of using TLS 1.2 cipher suites that are marked secure by PCI requirements.
Just looking to understand the ramifications of connectivity if i do change the web.conf and server.conf with the values listed in this link
Would we also have to update our certificates if we use the specific ciphers?
https://docs.splunk.com/Documentation/Splunk/8.2.6/Security/Ciphersuites

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...