How to enable specific TLS version on transport port


askids

Dec 6, 2017, 9:09:43 PM
to Search Guard Community Forum
Hi,

For http, I see that there is a configuration to enable a specific version of the TLS protocol. However, at least in the documentation, an equivalent property is not available for the transport layer. So if we want to enforce, let's say, TLS v1.2 for the transport layer, how do we achieve that? If this is not an option, then what is the default that Searchguard SSL will use?

Thanks!

SG

Dec 8, 2017, 12:33:46 PM
to search...@googlegroups.com
# Enabled SSL cipher suites for transport protocol (only Java format is supported)
# WARNING: Expert setting, do only use if you know what you are doing
# If you set wrong values here this could be a security risk
#searchguard.ssl.transport.enabled_ciphers:
# - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
# - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"

# Enabled SSL protocols for transport protocol (only Java format is supported)
# WARNING: Expert setting, do only use if you know what you are doing
# If you set wrong values here this could be a security risk
#searchguard.ssl.transport.enabled_protocols:
# - "TLSv1.2"

https://github.com/floragunncom/search-guard-ssl/blob/5.6.0/searchguard-ssl-config-template.yml
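Added example, not part of the thread and not Search Guard's own code: a small check that reads elasticsearch.yml-style text and reports, for the transport and http layers, whether enabled_protocols is actually active (uncommented) and whether it still lists protocol versions older than TLSv1.2. The function names, the flat-key parsing and the sample config are assumptions made for illustration; the check does not determine what the plugin's default is.

```python
import re

# Java (JSSE) protocol names that predate TLS 1.2.
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
LAYERS = ("transport", "http")

def enabled_protocols(yml_text, layer):
    """Return the active searchguard.ssl.<layer>.enabled_protocols list,
    or None when the key is absent or commented out."""
    key = "searchguard.ssl.%s.enabled_protocols" % layer
    values, in_list = None, False
    for raw in yml_text.splitlines():
        line = raw.split(" #")[0].rstrip()          # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                 # blank or commented-out line
        if in_list:
            m = re.match(r'\s*-\s*["\']?([^"\']+)["\']?\s*$', line)
            if m:
                values.append(m.group(1).strip())
                continue
            in_list = False                          # list ended at the next key
        m = re.match(r'\s*' + re.escape(key) + r'\s*:\s*(.*)$', line)
        if m:
            inline = m.group(1).strip()              # also accept inline [a, b] lists
            values = [v.strip(' "\'') for v in inline.strip("[]").split(",") if v.strip()]
            in_list = not inline
    return values

def audit(yml_text):
    """Map each layer to a short finding string."""
    findings = {}
    for layer in LAYERS:
        protos = enabled_protocols(yml_text, layer)
        if protos is None:
            findings[layer] = "not set: plugin default applies"
        elif LEGACY & set(protos):
            findings[layer] = "legacy enabled: " + ", ".join(sorted(LEGACY & set(protos)))
        else:
            findings[layer] = "ok: " + ", ".join(protos)
    return findings

# Constructed sample: http is restricted, transport is still commented out.
SAMPLE = '''\
searchguard.ssl.http.enabled_protocols:
  - "TLSv1.2"
#searchguard.ssl.transport.enabled_protocols:
# - "TLSv1.2"
'''

if __name__ == "__main__":
    for layer, finding in audit(SAMPLE).items():
        print(layer, "->", finding)
```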

askids

Dec 18, 2017, 8:41:21 PM
to Search Guard Community Forum
Thank you. I will try this.