Which SSL Configurations Affect Which Port

phoenixdigital · ‎06-22-2017

I was hoping to get some clarification on this as there is no specific information that I could find in the documentation.

We obviously have these main ports in use for most Splunk installations.

Port 8000 - Splunk Web interface
Port 8089 - Splunk internal comms
Port 9997 - Splunk receiving

Would this graphic I put together accurately describe which .conf configurations affect each of the above?

I know there used to be some overlap with the some of the SSL configurations in server.conf which impact port 8000 but in recent Splunk releases it appears to have been separated out and compartmentalised to be contained in web.conf

Is there something missing from my diagram?

Are there any server.conf settings still affect the Splunk web on 8000 at all?

Thanks

inventsekar · ‎06-22-2017

per my knowledge your understandings are clear and good.
let me check again..

PS - maybe, you could have added the image directly, instead of imgur.

phoenixdigital · ‎06-22-2017

Yeah there is still confusion amongst some of our engineers (and splunk support) who are convinced server.conf settings can affect the port 8000. We are not sure which is right yet.

Notably things like cipherSuite, sslVersions and sslVersionsForClient.

Thanks for the tip. I forgot you could add images directly (fixed it up)

Which SSL Configurations Affect Which Port

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases