Is there a way to disable SSL v2 for the forwarder...

cjohn · ‎06-03-2010

The SSL implementation for the management port supports SSLv2, and this is adding a lot of noise to our vulnerability reports. Is there a way to disable SSLv2 for this?

BastianW · ‎07-24-2012

thanks for sharing, we had the same issue here (The splunk forwarder installed on our server was listening to 8089). Did you saw some "side effects" once you changed that?

BastianW · ‎06-11-2013

Just an update here ... we changed that on the forwarder side and haven´t seen any issue so far.

deyeo · ‎04-04-2011

i've configured that in the local directory instead of the default directory. so how can we verify that it is indeed only SSL version 3?

deyeo · ‎04-04-2011

openssl s_client -connect x.x.x.x:xxxx -ssl2 -no_ssl3 -no_tls1

If SSLv2 is not supported, it should give some error like this:

Loading 'screen' into random state - done
CONNECTED(00000774)
5708:error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher:.\ssl\s2_pkt.c:682:
5708:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:.\ssl\s2_pkt.c:430:

gkanapathy · ‎06-04-2010

http://www.splunk.com/base/Documentation/latest/Admin/Serverconf

note settings under [sslConfig]:

supportSSLV3Only = <true|false>
        * If true, tells the HTTP server to only accept connections
        * from SSLv3 clients.
        * Default is false.

Is there a way to disable SSL v2 for the forwarder mgmt port?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms