Determine your cipher suite
You can select and specify a cipher suite for inter-Splunk, Splunk Web, and Splunk forwarder to indexer communications. You add your cipher suite by appending a line at the end of your server SSL configuration stanza.
The following is an example of how you would updated inputs.conf
when configuring forwarder to indexer certificate authentication:
[splunktcp-ssl:9998] [SSL] password = password requireClientCert = false rootCA = $SPLUNK_HOME/etc/auth/cacert.pem serverCert = $SPLUNK_HOME/etc/auth/server.pem cipherSuite = AES256-SHA256:DHE-RSA-AES256-SHA256
To see which ciphers are available to you:
$SPLUNK_HOME/bin/splunk cmd openssl ciphers -v $SPLUNK_HOME/bin/splunk cmd openssl ciphers -v "TLSv1.2" $SPLUNK_HOME/bin/splunk cmd openssl ciphers -v "HIGH"
Cipher suites are available to you based on your version of OpenSSL. To see which version of OpenSSL you are running:
$SPLUNK_HOME/bin/splunk cmd openssl version
How to prepare signed certificates for inter-Splunk communication | Working with multiple intermediate certificates |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12
Feedback submitted, thanks!