Update documentation to reflect the latest TLS changes and licensing (elastic/x-pack-elasticsearch#2508)

This commit updates the documentation and adds notes about TLS being required to install a
license.

Relates elastic/x-pack-elasticsearch#2463

Original commit: elastic/x-pack-elasticsearch@0d8bfb98ea
Jay Modi 2017-09-15 08:44:03 -06:00 committed by GitHub
parent 4d20586b24
commit 53d6d945f0
5 changed files with 9 additions and 21 deletions


@ -98,7 +98,8 @@ IMPORTANT: Once you get these basic security measures in place, we strongly
recommend that you secure communications to and from nodes by
configuring your cluster to use {xpack-ref}/ssl-tls.html[SSL/TLS encryption].
Nodes that do not have encryption enabled send passwords in plain
text!
text and will not be able to install a non-trial license that enables the use
of {security}.
Depending on your security requirements, you might also want to:
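
Review bot: The rewritten end of the IMPORTANT block folds the licensing consequence into the plain-text password warning ("send passwords in plain text and will not be able to install a non-trial license ..."), so the security risk loses the emphasis the standalone "text!" ending gave it. Consider two sentences: keep the plain-text warning on its own, then state separately that such nodes cannot install a non-trial license that enables the use of {security}.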


@ -4,8 +4,8 @@
Elasticsearch nodes store data that may be confidential. Attacks on the data may
come from the network. These attacks could include sniffing of the data,
manipulation of the data, and attempts to gain access to the server and thus the
files storing the data. Securing your nodes with the procedures below helps to
reduce risk from network-based attacks.
files storing the data. Securing your nodes is required in order to use a production
license that enables {security} and helps reduce the risk from network-based attacks.
This section shows how to:
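
Review bot: "Securing your nodes is required in order to use a production license" is broader than what the other hunks in this commit say, where the prerequisite is specifically TLS encryption. Because the sentence sits directly above "This section shows how to:", readers may take every procedure in the section as a licensing prerequisite. Name the TLS requirement explicitly and keep "helps reduce the risk from network-based attacks" as its own sentence.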


@ -38,19 +38,6 @@ transport.profiles.client.bind_host: 1.1.1.1 <2>
If separate networks are not available, then <<ip-filtering, IP Filtering>> can
be enabled to limit access to the profiles.
The TCP transport profiles also allow for enabling SSL on a per profile basis.
This is useful if you have a secured network for the node-to-node communication,
but the client is on an unsecured network. To enable SSL on a client profile when
SSL is disabled for node-to-node communication, add the following to
`elasticsearch.yml`:
[source, yaml]
--------------------------------------------------
transport.profiles.client.xpack.security.ssl.enabled: true <1>
--------------------------------------------------
<1> This enables SSL on the client profile. The default value for this setting
is the value of `xpack.security.transport.ssl.enabled`.
When using SSL for transport, a different set of certificates can also be used
for the client traffic by adding the following to `elasticsearch.yml`:
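
Review bot: Dropping the paragraph and example for `transport.profiles.client.xpack.security.ssl.enabled` leaves no guidance for readers who already have that line in `elasticsearch.yml`, and the surviving sentence "When using SSL for transport, a different set of certificates can also be used" still reads as a continuation of the removed text. Add a short note on what happens to an existing per-profile `ssl.enabled` setting, and reword the remaining sentence so it stands on its own (for example, drop "also").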


@ -6,7 +6,7 @@ cluster. Connections are secured using Transport Layer Security (TLS), which is
commonly referred to as "SSL".
WARNING: Clusters that do not have encryption enabled send all data in plain text
including passwords.
including passwords and will not be able to install a license that enables {security}.
To enable encryption, you need to perform the following steps on each node in
the cluster:
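
Review bot: The WARNING says "a license that enables {security}" with no qualifier, while the getting-started hunk says "non-trial license" and the node-security hunk says "production license". As written, this line can be read as covering trial licenses too. Pick one term and use it in all three places so the scope of the restriction is unambiguous.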


@ -715,11 +715,11 @@ are also available for each transport profile. By default, the settings for a
transport profile will be the same as the default transport unless they
are specified.
As an example, lets look at the enabled setting. For the default transport
this is `xpack.security.transport.ssl.enabled`. In order to use this setting in a
As an example, lets look at the key setting. For the default transport
this is `xpack.security.transport.ssl.key`. In order to use this setting in a
transport profile, use the prefix `transport.profiles.$PROFILE.xpack.security.` and
append the portion of the setting after `xpack.security.transport.`. For the enabled
setting, this would be `transport.profiles.$PROFILE.xpack.security.ssl.enabled`.
append the portion of the setting after `xpack.security.transport.`. For the key
setting, this would be `transport.profiles.$PROFILE.xpack.security.ssl.key`.
[float]
[[ip-filtering-settings]]
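
Review bot: Swapping the worked example from `enabled` to `key` implies that `ssl.enabled` can no longer be set per profile, yet the context just above still says the settings "are also available for each transport profile" without exception. If `enabled` is now excluded, say so here. Since the line is being rewritten anyway, "lets look at" should be "let's look at".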