Describe the issue:
Is it possible to change cipher preference from client to server in searchguard, when I have executed nmap command it is giving me below output.
nmap --script +ssl-enum-ciphers -p 9200
PORT STATE SERVICE
9200/tcp open wap-wsp
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
|
| compressors:
| NULL
| cipher preference: client
|_ least strength: A
here in the above output cipher preference is showing as client which I need to set to server, if there is any way to change this preference then please guide me.
Hi @srgbnd , thanks for response, here we want to set cipher preference to server. from the above example (output of the nmap command) cipher preference is cipher preference: client, but we want to set cipher preference: server.
Hi @mohitj252
Now Search Guard doesn’t have an option to set the cipher preference side. Do you fear the client can abuse it by negotiating a less secure cipher? Then limit number of accepted ciphers and TLS protocols on the Search Guard side, for example elasticsearch.yml