Hello*,
I did not find any solution in the answers section, so I'll ask this question. Is it possible to see which exact SSL version a forwarder is using? I've configured the forwarders with the standard parameters. In splunkd I get the info (on Indexer side):
INFO TcpInputConfig - SSL supported versions=SSL3,TLS1.0,TLS1.1,TLS1.2
INFO TcpInputConfig - IPv4 port 9997 is reserved for splunk 2 splunk (SSL)
INFO TcpInputConfig - IPv4 port 9997 will negotiate new-s2s protocol
On forwarder side:
INFO TcpOutputProc - Connected to idx=10.xxx.xxx.xx:9997
INFO TcpOutputProc - Group splunk-prod initialized with maxQueueSize=512000 in bytes.
INFO TcpOutputProc - tcpout group splunk-prod using Auto load balanced forwarding
INFO TcpOutputProc - Will forward data belonging to all the indices
INFO TcpOutputProc - found Whitelist forwardedindex.2.whitelist , RE : forwardedindex.2.whitelist
INFO TcpOutputProc - found Blacklist forwardedindex.1.blacklist , RE : forwardedindex.1.blacklist
INFO TcpOutputProc - found Whitelist forwardedindex.0.whitelist , RE : forwardedindex.0.whitelist
INFO TcpOutputProc - Initializing with fwdtype=lwf
OK, but how do I know if the forwarder sends the data with SSL3 or TLS1.0, for example? Is it possible to find that out without installing Wireshark on the Unix side or something like that? And the same for the management port 8089: how can I see which EXACT SSL version Splunk uses there?
Thank you for your answers. Hopefully. 😉