I have the same issue as documented in this posting. The answer makes sense. But I am not very comfortable with assuming that no one is going to attack port 8089.
I found a workaround for Apache 2 on StackExchange, which turns off SSL/TLS compression in openSSL. It works for me on Apache 2 but it does not work on splunkd.
I tried adding a line "export OPENSSL_NO_DEFAULT_ZLIB=1" in /etc/init.d/splunk.
I also tried adding "OPENSSL_NO_DEFAULT_ZLIB=1" in etc/splunk-launch.conf.
I am assuming that splunkd (Cherrypy) ultimately uses openSSL. If that is true, then the remedy should work. Could someone please respond to that?
Maybe I am doing it wrong. If that's the case, how do I inject an environment variable into the splunkd process?
Thanks.