honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
🔎 Open source distributed and RESTful search engine.
7 Commits 7 Branches 6 Tags 546 MiB
Java 99.5%
Groovy 0.4%
Go to file
Alexander Reelsen d0673b0cfb Added SSL support in netty 
This introduces the possibility to have all communications (transport
and HTTP) to run over SSL.

Original commit: elastic/x-pack-elasticsearch@c816a65f53
 		2014-07-22 11:41:17 +02:00
src Added SSL support in netty 2014-07-22 11:41:17 +02:00
LICENSE.txt Initial X-Pack commit 2018-04-20 14:16:58 -07:00
README.asciidoc Added SSL support in netty 2014-07-22 11:41:17 +02:00
all-signatures.txt Initial import 2014-07-07 11:30:28 +02:00
core-signatures.txt Initial import 2014-07-07 11:30:28 +02:00
pom.xml Added SSL support in netty 2014-07-22 11:41:17 +02:00
test-signatures.txt Initial import 2014-07-07 11:30:28 +02:00
tests.policy Added SSL support in netty 2014-07-22 11:41:17 +02:00

README.asciidoc 

= Elasticsearch Security Plugin

This plugins adds security features to elasticsearch

== Access control

== Encrypted communication using TLS/SSL

=== Configuration parameters

==== Transport protocol

* `transport.tcp.ssl`: true|false (defaults to true)
* `transport.tcp.ssl.keystore`: /path/to/the/keystore (absolute path to the keystore, which contains private keys)
* `transport.tcp.ssl.keystore_password`: password of the keystore
* `transport.tcp.ssl.keystore_algorithm`: keystore format (defaults to SunX509)
* `transport.tcp.ssl.truststore`: /path/to/the/truststore (absolute path to the truststore, which contains trusted keys)
* `transport.tcp.ssl.truststore_password`: password of the truststore
* `transport.tcp.ssl.truststore_algorithm`: truststore format (defaults to SunX509)
* `transport.tcp.ssl.client.auth`: true|false (defaults to true)
* `transport.tcp.ssl.ciphers`: Supported ciphers, defaults to `TLS_RSA_WITH_AES_128_CBC_SHA256` and `TLS_RSA_WITH_AES_128_CBC_SHA`

==== HTTP

* `http.ssl`: true|false (defaults to true)
* `http.ssl.keystore`: /path/to/the/keystore (absolute path to the keystore, which contains private keys)
* `http.ssl.keystore_password`: password of the keystore
* `http.ssl.keystore_algorithm`: keystore format (defaults to SunX509)
* `http.ssl.truststore`: /path/to/the/truststore (absolute path to the truststore, which contains trusted keys)
* `http.ssl.truststore_password`: password of the truststore
* `http.ssl.truststore_algorithm`: truststore format (defaults to SunX509)
* `http.ssl.client.auth`: true|false (defaults to true)
* `http.ssl.ciphers`: Supported ciphers, defaults to `TLS_RSA_WITH_AES_128_CBC_SHA256` and `TLS_RSA_WITH_AES_128_CBC_SHA`

== Generating certificates

=== Using self signed certificates per node

=== Using an own CA