OpenSearch

Commit Graph

Author	SHA1	Message	Date
Tim Vernum	03690d12b2	Remove TLS 1.0 as a default SSL protocol (#37512 ) The default value for ssl.supported_protocols no longer includes TLSv1 as this is an old protocol with known security issues. Administrators can enable TLSv1.0 support by configuring the appropriate `ssl.supported_protocols` setting, for example: xpack.security.http.ssl.supported_protocols: ["TLSv1.2","TLSv1.1","TLSv1"] Relates: #36021	2019-01-25 15:46:39 +11:00
Tim Vernum	6d99e790b3	Add SSL Configuration Library (#37287 ) This introduces a new ssl-config library that can parse and validate SSL/TLS settings and files. It supports the standard configuration settings as used in the Elastic Stack such as "ssl.verification_mode" and "ssl.certificate_authorities" as well as all file formats used in other parts of Elasticsearch security (such as PEM, JKS, PKCS#12, PKCS#8, et al).	2019-01-16 21:52:17 +11:00

Author

SHA1

Message

Date

Tim Vernum

03690d12b2

Remove TLS 1.0 as a default SSL protocol (#37512 )

The default value for ssl.supported_protocols no longer includes TLSv1
as this is an old protocol with known security issues.
Administrators can enable TLSv1.0 support by configuring the
appropriate `ssl.supported_protocols` setting, for example:

xpack.security.http.ssl.supported_protocols: ["TLSv1.2","TLSv1.1","TLSv1"]

Relates: #36021

2019-01-25 15:46:39 +11:00

Tim Vernum

6d99e790b3

Add SSL Configuration Library (#37287 )

This introduces a new ssl-config library that can parse
and validate SSL/TLS settings and files.

It supports the standard configuration settings as used in the
Elastic Stack such as "ssl.verification_mode" and
"ssl.certificate_authorities" as well as all file formats used
in other parts of Elasticsearch security (such as PEM, JKS,
PKCS#12, PKCS#8, et al).

2019-01-16 21:52:17 +11:00

2 Commits