OpenSearch/x-pack
Ioannis Kakavas ba37e3c4a0
Disable DiagnosticTrustManager in FIPS 140 (#49888)
This commit changes the default behavior for
xpack.security.ssl.diagnose.trust when running in a FIPS 140 JVM.

More specifically, when xpack.security.fips_mode.enabled is true:

- If xpack.security.ssl.diagnose.trust is not explicitly set, the
    default value of it becomes false and a log message is printed
    on info level, notifying of the fact that the TLS/SSL diagnostic
    messages are not enabled when in a FIPS 140 JVM.
- If xpack.security.ssl.diagnose.trust is explicitly set, the value of
    it is honored, even in FIPS mode.

This is relevant only for 7.x where we support Java 8 in which
SunJSSE can still be used as a FIPS 140 provider for TLS. SunJSSE
in FIPS mode, disallows the use of other TrustManager implementations
than the one shipped with SunJSSE.
2020-01-13 17:04:23 +02:00
..
dev-tools
docs Typo of ' instead of ` (#50767) 2020-01-09 09:41:41 -08:00
license-tools Support "enterprise" license types (#49474) 2019-12-12 14:37:44 +11:00
plugin Disable DiagnosticTrustManager in FIPS 140 (#49888) 2020-01-13 17:04:23 +02:00
qa Unmute 'Test url escaping with url mustache function' webhook watcher test (#50439) 2020-01-06 10:43:55 +01:00
snapshot-tool Fix and Reenable SnapshotTool Minio Tests (#50736) (#50745) 2020-01-08 16:33:36 +01:00
test Document SAML APIs (#45105) (#47909) 2019-10-11 16:34:11 +03:00
transport-client Apply 2-space indent to all gradle scripts (#49071) 2019-11-14 11:01:23 +00:00
NOTICE.txt
README.md
build.gradle [7.x] Update opensaml dependency (#44972) (#49512) 2019-11-29 00:17:16 +02:00

README.md

Elastic License Functionality

This directory tree contains files subject to the Elastic License. The files subject to the Elastic License are grouped in this directory to clearly separate them from files licensed under the Apache License 2.0.