OpenSearch

mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-05 20:48:22 +00:00

History

Ioannis Kakavas ba37e3c4a0

Disable DiagnosticTrustManager in FIPS 140 (#49888 )

This commit changes the default behavior for
xpack.security.ssl.diagnose.trust when running in a FIPS 140 JVM.

More specifically, when xpack.security.fips_mode.enabled is true:

- If xpack.security.ssl.diagnose.trust is not explicitly set, the
    default value of it becomes false and a log message is printed
    on info level, notifying of the fact that the TLS/SSL diagnostic
    messages are not enabled when in a FIPS 140 JVM.
- If xpack.security.ssl.diagnose.trust is explicitly set, the value of
    it is honored, even in FIPS mode.

This is relevant only for 7.x where we support Java 8 in which
SunJSSE can still be used as a FIPS 140 provider for TLS. SunJSSE
in FIPS mode, disallows the use of other TrustManager implementations
than the one shipped with SunJSSE.

2020-01-13 17:04:23 +02:00

images

[DOCS] Moves X-Pack settings to docs folder (#31120 )

2018-06-06 10:05:32 -07:00

audit-settings.asciidoc

[DOCS] Rename auditing topic. Closes #49012 (#49013 )

2019-11-22 14:16:58 -08:00

ccr-settings.asciidoc

[DOCS] Cleans up links to security content (#47610 ) (#47703 )

2019-10-07 15:23:19 -07:00

data-frames-settings.asciidoc

[7.5][Transform] rename classes in transform plugin (#46867 )