Setting up specific tls versions and allowed ciphers.
78 views
Skip to first unread message
Shawn Lee
unread,
May 13, 2016, 5:19:53 PM5/13/16
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Search Guard
Hey,
I'm trying to force TLSv1.2 for the web server and select only perfect forward secrecy ciphers. Does anyone know how to configure elasticsearch.yml to force the version and cipher suite?
Thanks,
Shawn
SG
unread,
May 14, 2016, 3:44:54 AM5/14/16
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to search...@googlegroups.com
thats not possible yet, can you please open an issue on github? will implement it in the next release.
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Search Guard
I was thinking that this might be a straight forward patch on the code. Hoping it could be a few lines of code. I'll start looking to see how to set this up. Can anyone point me to the correct src files that would be best to add the ssl cipher and TLS version config options and controls to?
Thanks,
Shawn
SG
unread,
May 25, 2016, 10:10:52 AM5/25/16
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to search...@googlegroups.com
we already work on this, would be great if you just can file an issue for that