I changed these settings ages ago, but my Security department wouldn't believe that it was disabled without proof.
I ran an openssl command from a forwarder to test:
openssl s_client -connect splunk-index-dev-01.example.com:9997 -tls1_2
and it worked as expected, giving me standard connection info.
Then I ran the same command for ssl3, and it gave me the same connection info:
openssl s_client -connect splunk-index-dev-01.example.com:9997 -ssl3
Doing the same command with ssl2 on the end showed that it was not enabled for ssl2.
I doublechecked my settings, and I had sslVersions = tls1.2 set in server.conf on the indexer and outputs.conf on the forwarder, and there was no change.
After a great deal of back-and-forth with Splunk tech support, we figured out that we needed to set sslVersions = tls1.2 in inputs.conf on the indexer, and nothing in the forwarder, not in outputs.conf, not in server.conf, nowhere at all on the forwarder, and also take it out of server.conf on the indexer.
... View more