7.0 upgrade assistant Search Guard SSL warning

posthamster · April 11, 2019, 11:45pm

I’m running ES / Kibana 6.7.1 and I’m getting the following warning in the 7.0 upgrade assistant:

TLS v1.0 has been removed from default TLS/SSL protocols
These ssl contexts rely on the default TLS/SSL protocols: [searchguard.ssl] (nodes impacted: [list of all my nodes])

The documentation link just takes me to a page stating that TLS v1.0 has been removed, but I’ve got the following in my elasticsearch.yml

searchguard.ssl.http.enabled_protocols:
  - "TLSv1.1"
  - "TLSv1.2"

…so that doesn’t seem to be the problem.

Obviously I can’t upgrade anything yet until SG is released for 7.0, but I’m trying to fix as much pre-upgrade stuff as I can. Is this something I need to resolve myself, or will it be sorted with the 7.0 SG release?

jkressin · April 12, 2019, 11:18am

This seems to be a false positive in the upgrade assistant. We have removed TLS 1.0 a long time ago, so this is not a real issue. There is actually nothing you need to do upfront.

@cstaley I think this is already on our list / already being worked on, can you please double-check?

system · May 3, 2019, 11:24am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Tls-tool-1.8 - updating certs Search Guard	7	901	November 19, 2020
Search Guard v43 is out Announcements	1	482	July 21, 2020
Kibana cluster Status RED after upgrade Search Guard	4	776	October 30, 2019
SG Certificates are expiring, replacing it with new certificates , do i need to initialize SG Again Search Guard	2	29	October 16, 2024
Setting up specific tls versions and allowed ciphers. Search Guard	4	441	May 25, 2016

7.0 upgrade assistant Search Guard SSL warning

Related topics