cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ncsasecops
Engager
Member since: ‎01-26-2021
‎01-26-2021
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 2
Member Since ‎01-26-2021
View All

Seeing (SSL/TLS Compression Algorithm Information ...

by in Splunk Enterprise Security
‎01-26-2021 01:35 PM
2 Karma
‎01-26-2021 01:35 PM
2 Karma
We are seeing this vulnerability show up via qualys vuln scanning on both our dev and production splunk instances. I am using the same ssl config for both and have tried solving this multiple ways including the first solution proposed here: https://community.splunk.com/t5/Getting-Data-In/I-am-looking-for-clarification-on-SSL-compression-settings-in/m-p/126153 this is what our ssl and http server config in server.conf looks like currently: [sslConfig] sslPassword = $encryptedsslpass$ serverCert = $servercertpath$ caCertFile = $cacertpath$ sendStrictTransportSecurityHeader=true useSSLCompression = false allowSSLCompression = false sslVersions = tls1.2 sslVersionsForClient = tls1.2 cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256 [httpServer] replyHeader.X-XSS-Protection= 1; mode=block replyHeader.Content-Security-Policy = script-src 'self'; object-src 'self'   Is there anything I need to add to this config or elsewhere to solve this vulnerability? I do not want to block the scanner from seeing the port as I have seen proposed in some solutions.   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-26-2021 06:27 PM
Karma from
View All