Can we change cipher preference from client to server in SG

Elasticsearch version: 7.8.0

Describe the issue:
Is it possible to change cipher preference from client to server in searchguard, when I have executed nmap command it is giving me below output.
nmap --script +ssl-enum-ciphers -p 9200

9200/tcp open wap-wsp
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| compressors:
| cipher preference: client
|_ least strength: A

here in the above output cipher preference is showing as client which I need to set to server, if there is any way to change this preference then please guide me.

I’m not sure I understand you. What do you want to achieve in the end?

Hi @srgbnd , thanks for response, here we want to set cipher preference to server. from the above example (output of the nmap command) cipher preference is cipher preference: client, but we want to set cipher preference: server.

Hi @mohitj252
Now Search Guard doesn’t have an option to set the cipher preference side. Do you fear the client can abuse it by negotiating a less secure cipher? Then limit number of accepted ciphers and TLS protocols on the Search Guard side, for example

  - "TLSv1.1"
  - "TLSv1.2"

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.