Security

Way to set cipher order preference in cipherSuite ?

evanr76
New Member

I was surprised to find that splunkweb does not send a preferred list of ciphers according to their order of appearance in the cipherSuite directive.

Is there a way to have splunkweb express a cipher order preference, similar to the SSLHonorCipherOrder directive in Apache?

Otherwise, I'm finding it harder than expected to convince modern browsers to support PFS ciphers while degrading gracefully for older ones.

Tags (2)
0 Karma

MuS
SplunkTrust
SplunkTrust

Hi evanr76,

have a look at this answer where you can read something about this topic http://answers.splunk.com/answers/134053/ciphersuite-in-various-conf-files.html

cheers, MuS

0 Karma

cfloyd_inap
Engager

This doesn't address the question about HonorCipherOrder. PEN tools still flag the web server as being vulnerable to Secure Client-Initiated Renegotiation

xavierashe
Contributor
0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!