[role="xpack"]
[[ciphers]]
=== Enabling cipher suites for stronger encryption

The TLS and SSL protocols use a cipher suite that determines the strength of
encryption used to protect the data. You may want to increase the strength of
encryption used when using an Oracle JVM; the IcedTea OpenJDK ships without these
restrictions in place. This step is not required to successfully use encrypted
communication.

The _Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy
Files_ enable the use of additional cipher suites for Java in a separate JAR file
that you need to add to your Java installation. You can download this JAR file
from Oracle's http://www.oracle.com/technetwork/java/javase/downloads/index.html[download page].
The _JCE Unlimited Strength Jurisdiction Policy Files_ are required for
encryption with key lengths greater than 128 bits, such as 256-bit AES encryption.

After installation, all cipher suites in the JCE are available but must be
configured before they can be used. To enable the use of stronger cipher suites
with {es} {security-features}, configure the
<<ssl-tls-settings,`cipher_suites` parameter>>.

NOTE: The _JCE Unlimited Strength Jurisdiction Policy Files_ must be installed
on all nodes in the cluster to establish an improved level of encryption
strength.
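
To confirm that a node's JVM actually permits key lengths above 128 bits before you list 256-bit suites in `cipher_suites`, you can run a small check with the same Java installation that starts {es}. This is an added example, not part of the original documentation; the class name `CipherStrengthCheck` is hypothetical, and it uses only the standard `javax.crypto` and `javax.net.ssl` APIs.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class name). Run it on every node, using the
// same JVM that launches the node, and compare the output across the cluster.
public class CipherStrengthCheck {

    // True when the installed jurisdiction policy permits AES keys longer
    // than 128 bits. getMaxAllowedKeyLength returns 128 under the limited
    // policy and Integer.MAX_VALUE when the unlimited policy is in effect.
    static boolean allowsAes256() throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }

    // TLS cipher suites supported by this JVM that use a 256-bit AES key.
    static List<String> aes256Suites() throws NoSuchAlgorithmException {
        List<String> suites = new ArrayList<>();
        String[] supported =
            SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
        for (String suite : supported) {
            if (suite.contains("AES_256")) {
                suites.add(suite);
            }
        }
        return suites;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        System.out.println("java.vendor:  " + System.getProperty("java.vendor"));
        System.out.println("java.version: " + System.getProperty("java.version"));
        System.out.println("max AES key length: " + Cipher.getMaxAllowedKeyLength("AES"));

        List<String> suites = aes256Suites();
        System.out.println("supported AES-256 TLS suites: " + suites.size());
        for (String suite : suites) {
            System.out.println("  " + suite);
        }

        // Non-zero exit status lets a provisioning script flag the node.
        if (!allowsAes256() || suites.isEmpty()) {
            System.err.println("JVM is limited to 128-bit keys; install the JCE policy files.");
            System.exit(1);
        }
    }
}
```

A node that exits with a non-zero status cannot negotiate the 256-bit suites, so a connection to it falls back to whatever weaker suite both sides still share, or fails if none is configured.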