I am trying to disable SSLv3 and TLS1.0 on HTTP Event Collector, for the life of me I can't figure out where to set the allowed sslVersions. It's already set in %SPLUNK_HOME%/etc/system/local/server.conf
[sslConfig]
sslVersions = tls1.1, tls1.2
Whether the HTTP Event Collector server protocol is HTTP or HTTPS. 1 indicates HTTPS; 0 indicates HTTP. The default value is 1. If you set enableSSL to 1, HTTP Event Collector uses the SSL settings specified in the [general] stanza of the server.conf file.
source: http://dev.splunk.com/view/event-collector/SP-CAAAE6Q
The [general] stanza doesn’t have SSL settings, that's in [sslConfig]
Ok just figured out the answer, but please update the docs. It's correct in http://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Inputsconf#http:_.28HTTP_Event_Collector.29 but not in dev.splunk.com
The default is apparently in %SPLUNK_HOME%/etc/apps/splunk_httpinput/default/inputs.conf as
[http]
# ssl settings are similar to mgmt server
sslVersions=*,-ssl2
allowSslCompression=true
allowSslRenegotiation=true
Added the stanza below to %SPLUNK_HOME%/etc/apps/splunk_httpinput/local/inputs.conf
[http]
sslVersions=tls1.1, tls1.2
Ok just figured out the answer, but please update the docs. It's correct in http://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Inputsconf#http:_.28HTTP_Event_Collector.29 but not in dev.splunk.com
The default is apparently in %SPLUNK_HOME%/etc/apps/splunk_httpinput/default/inputs.conf as
[http]
# ssl settings are similar to mgmt server
sslVersions=*,-ssl2
allowSslCompression=true
allowSslRenegotiation=true
Added the stanza below to %SPLUNK_HOME%/etc/apps/splunk_httpinput/local/inputs.conf
[http]
sslVersions=tls1.1, tls1.2