Security

The remote service allows repeated renegotiation of TLS / SSL connections.

BastianW
Path Finder

Our Nessus scan is currently reporting the following issue for a service running on port 8089 (which is the Splunk forwarder). The complete issue is:

Synopsis:
The remote service allows repeated renegotiation of TLS / SSL connections.

Description:
The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition.

Solution:
Contact the vendor for specific patch information.

How can we solve that?

0 Karma
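The finding quoted above can also be watched for on the wire. The following is an added example, not part of the thread and not Splunk or Nessus code: it counts, per connection, how many handshakes a client starts after the first one completed, using only TLS record headers. It assumes TLS 1.2 or earlier and an already reassembled client-to-server byte stream; the function names, connection labels, sample bytes and the limit are all constructed for illustration.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC, APPLICATION_DATA = 22, 20, 23  # TLS record content types

def iter_records(stream: bytes):
    """Yield the content type of each complete TLS record in a byte stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break  # truncated capture: stop instead of misparsing
        yield ctype
        off += 5 + length

def count_renegotiation_attempts(client_stream: bytes) -> int:
    """Count handshakes the client starts after the first handshake completed."""
    state, attempts = "initial", 0
    for ctype in iter_records(client_stream):
        if ctype == CHANGE_CIPHER_SPEC:
            state = "await_finished"        # next handshake record is Finished
        elif ctype == HANDSHAKE and state == "await_finished":
            state = "established"
        elif ctype == HANDSHAKE and state == "established":
            attempts += 1                   # encrypted ClientHello: a new handshake
            state = "renegotiating"         # rest of this handshake is not recounted
    return attempts

def flag_connections(streams: dict, limit: int) -> list:
    """Return the connection labels whose attempt count exceeds `limit`."""
    return sorted(c for c, s in streams.items() if count_renegotiation_attempts(s) > limit)

# --- constructed sample data: record headers with dummy payloads ---
def rec(ctype: int, size: int) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, size) + b"\x00" * size

FULL_HANDSHAKE = (rec(HANDSHAKE, 200) + rec(HANDSHAKE, 262)
                  + rec(CHANGE_CIPHER_SPEC, 1) + rec(HANDSHAKE, 40))
ENCRYPTED_HANDSHAKE = (rec(HANDSHAKE, 240) + rec(HANDSHAKE, 300)
                       + rec(CHANGE_CIPHER_SPEC, 40) + rec(HANDSHAKE, 80))
SAMPLE = {
    "conn-normal": FULL_HANDSHAKE + rec(APPLICATION_DATA, 512) * 3,
    "conn-renegotiating": FULL_HANDSHAKE + ENCRYPTED_HANDSHAKE * 5,
}

if __name__ == "__main__":
    for conn, data in SAMPLE.items():
        print(conn, count_renegotiation_attempts(data))
    print("over limit:", flag_connections(SAMPLE, limit=3))
```

Handshake records that follow the first Finished are encrypted, so the count relies on the record content type alone; a renegotiation the server refuses is still counted as an attempt.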

jamesphilput
Engager

Were you able to find a solution to this problem? I'm seeing the same issue with the most recent Universal Forwarder software.

BastianW
Path Finder

I have installed splunkforwarder-4.3.3-128297-x64-release.msi and this didn't fix the issue (I also use "supportSSLV3Only = true" in my config).

In the Splunk Product Security Policy I also couldn't find anything related to the issue above. The issue you refer to seemed to be an "old" SSL issue which didn't apply here.

0 Karma

BastianW
Path Finder

Just updated to Splunk Forwarder 5.0.1 and I still have the same issue.

0 Karma

MarioM
Motivator

Then I would advise you to open a support case.

0 Karma

MarioM
Motivator

Here, in the Splunk Product Security Policy, you will find the procedure.

And it seems to be fixed in 4.2.3 and above (SPL40645).

0 Karma