Hello,
I want to disable weak ciphers for Splunk forwarder ports on my 6.3.3 indexer.
The following snippet does not work in my inputs.conf. The default ciphers are still enabled:
[splunktcp-ssl:9997]
connection_host = ip
[SSL]
cipherSuite = ALL:!ADH:!aNULL:!eNULL:!EXP:!LOW:+MEDIUM:+HIGH:!SEED:!3DES:!MD5:!RC4:!SRP
#cipherSuite = CAMELLIA256-SHA
serverCert = $SPLUNK_HOME/etc/auth/server.pem
sslVersions = *,-ssl2,-ssl3,-tls1.0,-tls1.1
Even changing cipherSuite to CAMELLIA256-SHA does nothing:
$ ~/bin/splunk cmd openssl s_client -connect localhost:9997 | grep Cipher
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Cipher : AES256-GCM-SHA384
It is working for the web and management ports (web.conf + server.conf).
According to this question it should work like I did it:
https://answers.splunk.com/answers/134053/ciphersuite-in-various-conf-files.html
... View more