Hello,
I'm required to scan my Splunk Enterprise environment for compliance reasons. When I'm scanning my search heads and indexers ,I keep getting multiple SSL errors for the management port 8089. I've searched and haven't found a way figure out a method to upload a third party cert to fix this or if this is something that I'll just have to make not isn't fixable. I've included some of the vulnerability issues I've found. Not sure if opening a ticket with support would get me the information I need.
1. SSL Version 2 and 3 Protocol Detected
2. SSL Cert Signed Using Weak Hashing Algorithm (SHA1)
3. SSL Certificate Wrong Hostname (Splunk Self Signed Cert running on 8089)
4. TLS CRIME Vulnerability
Thanks!
↧