[role="xpack"]
[[encrypting-communications]]
== Encrypting communications

Elasticsearch nodes store data that may be confidential. Attacks on the data may
come from the network. These attacks could include sniffing of the data,
manipulation of the data, and attempts to gain access to the server and thus the
files storing the data. Securing your nodes is required in order to use a production
license that enables {security} and helps reduce the risk from network-based attacks.

This section shows how to:

* Encrypt traffic to, from and within an Elasticsearch cluster using SSL/TLS,
* Require nodes to authenticate as they join the cluster using SSL certificates, and
* Make it more difficult for remote attackers to issue any commands to Elasticsearch.

The authentication of new nodes helps prevent a rogue node from joining the
cluster and receiving data through replication.

:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/setting-up-ssl.asciidoc
include::{es-repo-dir}/security/securing-communications/setting-up-ssl.asciidoc[]

[[ciphers]]
=== Enabling cipher suites for stronger encryption

See {ref}/ciphers.html[Enabling Cipher Suites for Stronger Encryption].

[[separating-node-client-traffic]]
=== Separating node-to-node and client traffic

See {ref}/separating-node-client-traffic.html[Separating node-to-node and client traffic].