Splunk Enterprise Security

Seeing (SSL/TLS Compression Algorithm Information Leakage Vulnerability port 8089/tcp over SSL) from qualys scanning


We are seeing this vulnerability show up via qualys vuln scanning on both our dev and production splunk instances. I am using the same ssl config for both and have tried solving this multiple ways including the first solution proposed here: https://community.splunk.com/t5/Getting-Data-In/I-am-looking-for-clarification-on-SSL-compression-se...

this is what our ssl and http server config in server.conf looks like currently:


sslPassword = $encryptedsslpass$

serverCert = $servercertpath$

caCertFile = $cacertpath$


useSSLCompression = false

allowSSLCompression = false

sslVersions = tls1.2

sslVersionsForClient = tls1.2



replyHeader.X-XSS-Protection= 1; mode=block

replyHeader.Content-Security-Policy = script-src 'self'; object-src 'self'


Is there anything I need to add to this config or elsewhere to solve this vulnerability? I do not want to block the scanner from seeing the port as I have seen proposed in some solutions.


Labels (1)


I'm having the same issue. Did you ever find a resolution?

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!


Or Learn More in Our Blog >>