Setting up specific tls versions and allowed ciphers.

[Shawn Lee]

Hey,

I'm trying to force TLSv1.2 for the web server and select only perfect forward secrecy ciphers. Does anyone know how to configure elasticsearch.yml to force the version and cipher suite?

Thanks,

Shawn

[SG]

thats not possible yet, can you please open an issue on github? will implement it in the next release.

> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/5f757cc5-f03b-4619-bb5a-4665f4c3cfad%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Shawn Lee]

I was thinking that this might be a straight forward patch on the code. Hoping it could be a few lines of code. I'll start looking to see how to set this up. Can anyone point me to the correct src files that would be best to add the ssl cipher and TLS version config options and controls to?

Thanks,

Shawn

[SG]

we already work on this, would be great if you just can file an issue for that

> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/c46cab9d-ab44-4dc8-ab2c-51bf7669f41d%40googlegroups.com.

[Shawn Lee]

https://github.com/floragunncom/search-guard-ssl/issues/21

Thanks for your help everyone.