Hello,
I'm trying to set the cipherSuite on web.conf to allow only tls=1.2 connection
[settings]
enableSplunkWebSSL = 1
supportSSLV3Only = False
cipherSuite = TLSv1.2:!eNULL:!aNULL
After I set this, I try a restart of splunkweb, but I get this error:
502 Couldn't complete HTTP request: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
I found the article on the Splunk blog:
http://blogs.splunk.com/2014/10/22/mitigating-the-poodle-attack-in-splunk/
Any idea how to solve this?
Thanks
I assume you're trying to resolve POODLE? To enable TLS only I use this:
[settings]
sslVersions = tls
cipherSuite = AES256-SHA:AES128-SHA:DES-CBC3-SHA
enableSplunkWebSSL = 1
I assume you're trying to resolve POODLE? To enable TLS only I use this:
[settings]
sslVersions = tls
cipherSuite = AES256-SHA:AES128-SHA:DES-CBC3-SHA
enableSplunkWebSSL = 1
Thanks,
i added just the sslVersion and seemd to work. The vulnerability is not present anymore.
Great solution. It is working fine
Fantastic! Thanks for the feedback.
This helped me too. Thanks!
Glad to help, make sure you up vote! 🙂