Update TLS settings to have brief documentation around the use of encrypted SSL password settings (#5582)

* readd auth token doc

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Add docs

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Remove extra file

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* remove please

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Update _security/configuration/tls.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* split pr

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* separate PR for backport to 2.7

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

---------

Signed-off-by: Stephen Crawford <steecraw@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Stephen Crawford 2023-11-13 18:40:28 -05:00 committed by GitHub
parent 5f12318880
commit 2be2b7b52d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 0 deletions


@ -207,3 +207,22 @@ plugins.security.ssl.http.enabled_protocols:
## (Advanced) Disabling client initiated renegotiation for Java 8
Set `-Djdk.tls.rejectClientInitiatedRenegotiation=true` to disable secure client initiated renegotiation, which is enabled by default. This can be set via `OPENSEARCH_JAVA_OPTS` in `config/jvm.options`.
## (Advanced) Using encrypted password settings for SSL
The default insecure SSL password settings have been deprecated. In order to use the secure alternative of these settings users can use their alternative forms. Specifically, users can append the `_secure` suffix to the SSL settings. The resulting secure alternatives are:
* plugins.security.ssl.http.pemkey_password_secure
* plugins.security.ssl.http.keystore_password_secure
* plugins.security.ssl.http.keystore_keypassword_secure
* plugins.security.ssl.http.truststore_password_secure
* plugins.security.ssl.transport.pemkey_password_secure
* plugins.security.ssl.transport.server.pemkey_password_secure
* plugins.security.ssl.transport.client.pemkey_password_secure
* plugins.security.ssl.transport.keystore_password_secure
* plugins.security.ssl.transport.keystore_keypassword_secure
* plugins.security.ssl.transport.server.keystore_keypassword_secure
* plugins.security.ssl.transport.client.keystore_keypassword_secure
* plugins.security.ssl.transport.truststore_password_secure
These settings allow for the use of encrypted passwords in the settings.
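Review bot: The new "(Advanced) Using encrypted password settings for SSL" section never says where a `_secure` value is stored or how a user sets one, and its closing line ("These settings allow for the use of encrypted passwords in the settings") reads as if an encrypted string can simply be pasted into the same configuration file as before. Please add a sentence stating the storage location and the command or step used to populate it, with one worked setting as an example, so readers do not put a plaintext password under a `_secure` key. The second sentence ("In order to use the secure alternative of these settings users can use their alternative forms") is circular and can be dropped in favor of the sentence that follows it. It would also help to name the deprecated settings explicitly (the same keys without the `_secure` suffix), say whether they still work during the deprecation period, and wrap each listed setting name in backticks to match the inline `_secure` formatting.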