We are seeing this vulnerability show up via qualys vuln scanning on both our dev and production splunk instances. I am using the same ssl config for both and have tried solving this multiple ways including the first solution proposed here: https://community.splunk.com/t5/Getting-Data-In/I-am-looking-for-clarification-on-SSL-compression-settings-in/m-p/126153 this is what our ssl and http server config in server.conf looks like currently: [sslConfig] sslPassword = $encryptedsslpass$ serverCert = $servercertpath$ caCertFile = $cacertpath$ sendStrictTransportSecurityHeader=true useSSLCompression = false allowSSLCompression = false sslVersions = tls1.2 sslVersionsForClient = tls1.2 cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256 [httpServer] replyHeader.X-XSS-Protection= 1; mode=block replyHeader.Content-Security-Policy = script-src 'self'; object-src 'self' Is there anything I need to add to this config or elsewhere to solve this vulnerability? I do not want to block the scanner from seeing the port as I have seen proposed in some solutions.
... View more