https://answers.splunk.com/answers/468642/deployment-server-flooded-with-ssl-handshake-error-1.html
Having seen the answers above, I think that I should configure it as below if I want to force Deployment Server and Universal Forwarder to use TLS 1.2.
In Deployment Server
[sslConfig]
sslVersions = tls1.2,-ssl2, -ssl3
In Universal Forwarder
[sslConfig]
sslVersionsForClient = tls1.2,-ssl2, -ssl3
However, in my environment Universal Forwarder is ver 6.4.5 and Deployment Server is ver 6.2.3, and there isn't a stanza sslVersionsForClient in ver 6.2.3.
First of all, is the setting above correct?
Also, even if the versions are different and there is a stanza that does not exist on the other side, will it work without problems?
If someone could tell me about it, I would appreciate it.
If the stanza is not in deploymentclient.conf it uses the settings from server.conf.
I would just set sslVersions in the server.conf on both, and not worry about sslVersionsForClient.
By setting it in the server.conf, I believe it becomes the default setting for any SSL services running (management port, HEC, etc.).
If the stanza is not in deploymentclient.conf it uses the settings from server.conf.
So, what you should be doing on the client and server is setting the sslVersions in server.conf, if that wasn't clear in my answer.
Thanks for the answer!
So you mean that I should set the sslVersions stanza on both, and I should set sslVersionsForClient on Universal Forwarder, right?
I could force tls1.2 for the connection of Universal Forwarder and Deployment Server by setting sslVersions in server.conf of only the Deployment Server.
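
An added example, not part of the thread and not Splunk's own code: a Python check that evaluates the sslVersions and sslVersionsForClient values in [sslConfig] using the version-list rules from server.conf.spec (names ssl3, tls1.0, tls1.1, tls1.2; "*" for all; "tls" for TLS 1.0 and newer; a "-" prefix removes; "-ssl2" is accepted but does nothing) and reports any protocol other than TLS 1.2 that stays enabled. Left-to-right evaluation of the list, the function names and the sample conf text are assumptions made for illustration.

```python
import configparser

# Protocol names accepted in a version list, oldest first (per server.conf.spec).
KNOWN = ["ssl3", "tls1.0", "tls1.1", "tls1.2"]

def effective_versions(value):
    """Evaluate a version list into the set of enabled protocols.
    Assumption: tokens are applied left to right."""
    enabled = set()
    for token in (t.strip().lower() for t in value.split(",")):
        if not token:
            continue
        remove = token.startswith("-")
        name = token.lstrip("-")
        if name == "ssl2":      # accepted but has no effect: SSLv2 is always disabled
            continue
        if name == "*":
            group = set(KNOWN)
        elif name == "tls":
            group = {v for v in KNOWN if v.startswith("tls")}
        elif name in KNOWN:
            group = {name}
        else:
            raise ValueError(f"unknown version token: {token!r}")
        enabled = enabled - group if remove else enabled | group
    return enabled

def audit(conf_text, required=frozenset({"tls1.2"})):
    """Map each [sslConfig] version setting to the protocols it allows beyond `required`."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str        # keep the camelCase setting names
    cp.read_string(conf_text)
    findings = {}
    for key in ("sslVersions", "sslVersionsForClient"):
        if cp.has_option("sslConfig", key):
            extra = effective_versions(cp.get("sslConfig", key)) - required
            if extra:
                findings[key] = sorted(extra)
    return findings

# Constructed sample inputs: the value from the question, and a looser one.
PAGE_SETTING = "[sslConfig]\nsslVersions = tls1.2,-ssl2, -ssl3\n"
LOOSE_SETTING = "[sslConfig]\nsslVersions = *,-ssl2\nsslVersionsForClient = tls\n"

if __name__ == "__main__":
    print(effective_versions("tls1.2,-ssl2, -ssl3"))
    print(audit(PAGE_SETTING))
    print(audit(LOOSE_SETTING))
```

Under these rules the value from the question already evaluates to TLS 1.2 only, so the "-ssl2" and "-ssl3" entries in it are redundant rather than harmful.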