Error "no valid cipher suites for transport protocol"

I have following the SSL quickstart guide - https://github.com/floragunncom/search-guard-ssl-docs/blob/master/quickstart.md

When starting ES I am getting the error below. Any ideas what I am doing wrong?

ES version 2.4.3

SG-SSL version search-guard-ssl 2.4.3.19

Java 8 based on Oracle jdk8u111-b14

Generated the truststore and keystores using the floragunn site and put them in the [ES-HOME]/config

  • se-01-keystore.jks

  • truststore.jks

Add the following to elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=se-01-keystore.jks

searchguard.ssl.transport.keystore_password:

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password:

searchguard.ssl.transport.enforce_hostname_verification: false

When starting ES I am getting the following error. Any ideas what I am doing wrong?

[2017-02-02 23:58:33,385][ERROR][bootstrap ] Exception

ElasticsearchSecurityException[no valid cipher suites for transport protocol]

at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:154)

at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)

at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)

at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)

at org.elasticsearch.node.Node.<init>(Node.java:179)

at org.elasticsearch.node.Node.<init>(Node.java:140)

at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)

at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)

at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)

Can you provide the logs on INFO level that appeared prior to the error message?
Do you use OpenSSL? Maybe you have an outdated open ssl version installed,
in this case try adding "searchguard.ssl.transport.enable_openssl_if_available: false" to elasticsearch.yml

···

Am 03.02.2017 um 01:10 schrieb Eliran Boraks <eboraks@gmail.com>:

I have following the SSL quickstart guide - https://github.com/floragunncom/search-guard-ssl-docs/blob/master/quickstart.md

When starting ES I am getting the error below. Any ideas what I am doing wrong?

ES version 2.4.3
SG-SSL version search-guard-ssl 2.4.3.19
Java 8 based on Oracle jdk8u111-b14

Generated the truststore and keystores using the floragunn site and put them in the [ES-HOME]/config
- se-01-keystore.jks
- truststore.jks

Add the following to elasticsearch.yml
searchguard.ssl.transport.keystore_filepath: CN=se-01-keystore.jks
searchguard.ssl.transport.keystore_password: <keystore password>
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: <Truststore password>
searchguard.ssl.transport.enforce_hostname_verification: false

When starting ES I am getting the following error. Any ideas what I am doing wrong?

[2017-02-02 23:58:33,385][ERROR][bootstrap ] Exception
ElasticsearchSecurityException[no valid cipher suites for transport protocol]
  at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:154)
  at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
  at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)
  at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
  at org.elasticsearch.node.Node.<init>(Node.java:179)
  at org.elasticsearch.node.Node.<init>(Node.java:140)
  at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
  at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)
  at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)
  at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dfb43290-9973-42dc-a634-dd4244e3996c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

I added searchguard.ssl.transport.enable_openssl_if_available: false and I am getting the same error. Here is the complete output:

[2017-02-07 18:14:50,756][INFO ][node ] [Lady Lark] version[2.4.3], pid[4171], build[d38a34e/2016-12-07T16:28:56Z]

[2017-02-07 18:14:50,761][INFO ][node ] [Lady Lark] initializing …

[2017-02-07 18:14:52,227][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin not available

[2017-02-07 18:14:52,237][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch

[2017-02-07 18:14:52,259][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false

[2017-02-07 18:14:52,261][INFO ][plugins ] [Lady Lark] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites

[2017-02-07 18:14:52,306][INFO ][env ] [Lady Lark] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [8gb], net total_space [9.9gb], spins? [unknown], types [rootfs]

[2017-02-07 18:14:52,308][INFO ][env ] [Lady Lark] heap size [1gb], compressed ordinary object pointers [unknown]

[2017-02-07 18:14:53,878][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively

[2017-02-07 18:14:54,044][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] AES-256 not supported, max key length for AES is 128 bit… That is not an issue, it just limits possible encryption strength. To enable AES 256 install ‘Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files’

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

Exception in thread “main” ElasticsearchSecurityException[no valid cipher suites for transport protocol]

at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:154)

at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)

at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)

at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)

at org.elasticsearch.node.Node.<init>(Node.java:179)

at org.elasticsearch.node.Node.<init>(Node.java:140)

at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)

at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)

at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)

Refer to the log for complete error details.

···

On Friday, February 3, 2017 at 11:05:52 AM UTC-5, Search Guard wrote:

Can you provide the logs on INFO level that appeared prior to the error message?

Do you use OpenSSL? Maybe you have an outdated open ssl version installed,
in this case try adding “searchguard.ssl.transport.enable_openssl_if_available: false” to elasticsearch.yml

Am 03.02.2017 um 01:10 schrieb Eliran Boraks ebo...@gmail.com:

I have following the SSL quickstart guide - https://github.com/floragunncom/search-guard-ssl-docs/blob/master/quickstart.md

When starting ES I am getting the error below. Any ideas what I am doing wrong?

ES version 2.4.3

SG-SSL version search-guard-ssl 2.4.3.19

Java 8 based on Oracle jdk8u111-b14

Generated the truststore and keystores using the floragunn site and put them in the [ES-HOME]/config

  • se-01-keystore.jks
  • truststore.jks

Add the following to elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=se-01-keystore.jks

searchguard.ssl.transport.keystore_password:

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password:

searchguard.ssl.transport.enforce_hostname_verification: false

When starting ES I am getting the following error. Any ideas what I am doing wrong?

[2017-02-02 23:58:33,385][ERROR][bootstrap ] Exception

ElasticsearchSecurityException[no valid cipher suites for transport protocol]

    at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:154)
    at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
    at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)
    at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
    at org.elasticsearch.node.Node.<init>(Node.java:179)
    at org.elasticsearch.node.Node.<init>(Node.java:140)
    at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dfb43290-9973-42dc-a634-dd4244e3996c%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

  • What is your operating system?

  • Is it a 32 or 64bit operating system?

  • Is your Oracle jdk8u111-b14 a 32 or 64 bit (x86 or x64) version?

  • Do you run elasticsearch within a special environment (docker, etc) or within a public or private cloud?

I prepared a special “debug” version, can you pls install this a look for additional errors in the logfiles:

https://oss.sonatype.org/content/repositories/snapshots/com/floragunn/search-guard-ssl/2.4.3.20-SNAPSHOT/search-guard-ssl-2.4.3.20-20170207.190547-1.zip

···

On Tuesday, 7 February 2017 19:17:12 UTC+1, Eliran Boraks wrote:

I added searchguard.ssl.transport.enable_openssl_if_available: false and I am getting the same error. Here is the complete output:

[2017-02-07 18:14:50,756][INFO ][node ] [Lady Lark] version[2.4.3], pid[4171], build[d38a34e/2016-12-07T16:28:56Z]

[2017-02-07 18:14:50,761][INFO ][node ] [Lady Lark] initializing …

[2017-02-07 18:14:52,227][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin not available

[2017-02-07 18:14:52,237][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch

[2017-02-07 18:14:52,259][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false

[2017-02-07 18:14:52,261][INFO ][plugins ] [Lady Lark] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites

[2017-02-07 18:14:52,306][INFO ][env ] [Lady Lark] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [8gb], net total_space [9.9gb], spins? [unknown], types [rootfs]

[2017-02-07 18:14:52,308][INFO ][env ] [Lady Lark] heap size [1gb], compressed ordinary object pointers [unknown]

[2017-02-07 18:14:53,878][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively

[2017-02-07 18:14:54,044][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] AES-256 not supported, max key length for AES is 128 bit… That is not an issue, it just limits possible encryption strength. To enable AES 256 install ‘Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files’

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

Exception in thread “main” ElasticsearchSecurityException[no valid cipher suites for transport protocol]

at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.(DefaultSearchGuardKeyStore.java:154)

at com.floragunn.searchguard.ssl.SearchGuardSSLModule.(SearchGuardSSLModule.java:40)

at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)

at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)

at org.elasticsearch.node.Node.(Node.java:179)

at org.elasticsearch.node.Node.(Node.java:140)

at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)

at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)

at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)

Refer to the log for complete error details.

On Friday, February 3, 2017 at 11:05:52 AM UTC-5, Search Guard wrote:

Can you provide the logs on INFO level that appeared prior to the error message?

Do you use OpenSSL? Maybe you have an outdated open ssl version installed,
in this case try adding “searchguard.ssl.transport.enable_openssl_if_available: false” to elasticsearch.yml

Am 03.02.2017 um 01:10 schrieb Eliran Boraks ebo...@gmail.com:

I have following the SSL quickstart guide - https://github.com/floragunncom/search-guard-ssl-docs/blob/master/quickstart.md

When starting ES I am getting the error below. Any ideas what I am doing wrong?

ES version 2.4.3

SG-SSL version search-guard-ssl 2.4.3.19

Java 8 based on Oracle jdk8u111-b14

Generated the truststore and keystores using the floragunn site and put them in the [ES-HOME]/config

  • se-01-keystore.jks
  • truststore.jks

Add the following to elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=se-01-keystore.jks

searchguard.ssl.transport.keystore_password:

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password:

searchguard.ssl.transport.enforce_hostname_verification: false

When starting ES I am getting the following error. Any ideas what I am doing wrong?

[2017-02-02 23:58:33,385][ERROR][bootstrap ] Exception

ElasticsearchSecurityException[no valid cipher suites for transport protocol]

    at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:154)
    at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
    at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)
    at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
    at org.elasticsearch.node.Node.<init>(Node.java:179)
    at org.elasticsearch.node.Node.<init>(Node.java:140)
    at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dfb43290-9973-42dc-a634-dd4244e3996c%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

The OS is Red Hat 7.

I will try the debug version and let you know.

Eliran

···

On Tuesday, February 7, 2017 at 2:09:21 PM UTC-5, Search Guard wrote:

  • What is your operating system?
  • Is it a 32 or 64bit operating system?
  • Is your Oracle jdk8u111-b14 a 32 or 64 bit (x86 or x64) version?
  • Do you run elasticsearch within a special environment (docker, etc) or within a public or private cloud?

I prepared a special “debug” version, can you pls install this a look for additional errors in the logfiles:

https://oss.sonatype.org/content/repositories/snapshots/com/floragunn/search-guard-ssl/2.4.3.20-SNAPSHOT/search-guard-ssl-2.4.3.20-20170207.190547-1.zip

On Tuesday, 7 February 2017 19:17:12 UTC+1, Eliran Boraks wrote:

I added searchguard.ssl.transport.enable_openssl_if_available: false and I am getting the same error. Here is the complete output:

[2017-02-07 18:14:50,756][INFO ][node ] [Lady Lark] version[2.4.3], pid[4171], build[d38a34e/2016-12-07T16:28:56Z]

[2017-02-07 18:14:50,761][INFO ][node ] [Lady Lark] initializing …

[2017-02-07 18:14:52,227][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin not available

[2017-02-07 18:14:52,237][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch

[2017-02-07 18:14:52,259][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false

[2017-02-07 18:14:52,261][INFO ][plugins ] [Lady Lark] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites

[2017-02-07 18:14:52,306][INFO ][env ] [Lady Lark] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [8gb], net total_space [9.9gb], spins? [unknown], types [rootfs]

[2017-02-07 18:14:52,308][INFO ][env ] [Lady Lark] heap size [1gb], compressed ordinary object pointers [unknown]

[2017-02-07 18:14:53,878][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively

[2017-02-07 18:14:54,044][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] AES-256 not supported, max key length for AES is 128 bit… That is not an issue, it just limits possible encryption strength. To enable AES 256 install ‘Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files’

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

Exception in thread “main” ElasticsearchSecurityException[no valid cipher suites for transport protocol]

at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:154)
at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)
at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
at org.elasticsearch.node.Node.<init>(Node.java:179)
at org.elasticsearch.node.Node.<init>(Node.java:140)
at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)

Refer to the log for complete error details.

On Friday, February 3, 2017 at 11:05:52 AM UTC-5, Search Guard wrote:

Can you provide the logs on INFO level that appeared prior to the error message?

Do you use OpenSSL? Maybe you have an outdated open ssl version installed,
in this case try adding “searchguard.ssl.transport.enable_openssl_if_available: false” to elasticsearch.yml

Am 03.02.2017 um 01:10 schrieb Eliran Boraks ebo...@gmail.com:

I have following the SSL quickstart guide - https://github.com/floragunncom/search-guard-ssl-docs/blob/master/quickstart.md

When starting ES I am getting the error below. Any ideas what I am doing wrong?

ES version 2.4.3

SG-SSL version search-guard-ssl 2.4.3.19

Java 8 based on Oracle jdk8u111-b14

Generated the truststore and keystores using the floragunn site and put them in the [ES-HOME]/config

  • se-01-keystore.jks
  • truststore.jks

Add the following to elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=se-01-keystore.jks

searchguard.ssl.transport.keystore_password:

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password:

searchguard.ssl.transport.enforce_hostname_verification: false

When starting ES I am getting the following error. Any ideas what I am doing wrong?

[2017-02-02 23:58:33,385][ERROR][bootstrap ] Exception

ElasticsearchSecurityException[no valid cipher suites for transport protocol]

    at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:154)
    at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
    at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)
    at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
    at org.elasticsearch.node.Node.<init>(Node.java:179)
    at org.elasticsearch.node.Node.<init>(Node.java:140)
    at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dfb43290-9973-42dc-a634-dd4244e3996c%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

See below the information you asked for. I installed the jar you gave me and included the logs its produce when running below.

OS version: Red Hat Enterprise Linux Server release 7.3 (Maipo)

Environment Google Cloud Compute

I install Elasticsearch on the OS without any docker or VM

$ java -version

java version “1.8.0”

Java™ SE Runtime Environment (build pxa6480sr3fp20-20161019_02(SR3 FP20))

IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20161013_322271 (JIT enabled, AOT enabled)

J9VM - R28_Java8_SR3_20161013_1635_B322271

JIT - tr.r14.java.green_20161011_125790

GC - R28_Java8_SR3_20161013_1635_B322271_CMPRSS

J9CL - 20161013_322271)

JCL - 20161018_01 based on Oracle jdk8u111-b14

Logs:

[2017-02-09 23:26:03,126][INFO ][node ] [Jackpot] version[2.4.3], pid[2411], build[d38a34e/2016-12-07T16:28:56Z]

[2017-02-09 23:26:03,128][INFO ][node ] [Jackpot] initializing …

[2017-02-09 23:26:04,588][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin not available

[2017-02-09 23:26:04,611][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch

[2017-02-09 23:26:04,611][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false

[2017-02-09 23:26:04,612][INFO ][plugins ] [Jackpot] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites

[2017-02-09 23:26:04,651][INFO ][env ] [Jackpot] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [8gb], net total_space [9.9gb], spins? [unknown], types [rootfs]

[2017-02-09 23:26:04,651][INFO ][env ] [Jackpot] heap size [1gb], compressed ordinary object pointers [unknown]

[2017-02-09 23:26:05,986][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively

[2017-02-09 23:26:06,082][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] AES-256 not supported, max key length for AES is 128 bit… That is not an issue, it just limits possible encryption strength. To enable AES 256 install ‘Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files’

[2017-02-09 23:26:06,082][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers

[2017-02-09 23:26:06,083][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers

[2017-02-09 23:26:06,083][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-09 23:26:06,083][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-09 23:26:06,083][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

[2017-02-09 23:26:06,373][ERROR][bootstrap ] Exception

ElasticsearchSecurityException[no valid cipher suites for transport protocol]

at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.(DefaultSearchGuardKeyStore.java:155)

at com.floragunn.searchguard.ssl.SearchGuardSSLModule.(SearchGuardSSLModule.java:40)

at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)

at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)

at org.elasticsearch.node.Node.(Node.java:179)

at org.elasticsearch.node.Node.(Node.java:140)

at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)

at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)

at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)

···

On Tuesday, February 7, 2017 at 2:09:21 PM UTC-5, Search Guard wrote:

  • What is your operating system?
  • Is it a 32 or 64bit operating system?
  • Is your Oracle jdk8u111-b14 a 32 or 64 bit (x86 or x64) version?
  • Do you run elasticsearch within a special environment (docker, etc) or within a public or private cloud?

I prepared a special “debug” version, can you pls install this a look for additional errors in the logfiles:

https://oss.sonatype.org/content/repositories/snapshots/com/floragunn/search-guard-ssl/2.4.3.20-SNAPSHOT/search-guard-ssl-2.4.3.20-20170207.190547-1.zip

On Tuesday, 7 February 2017 19:17:12 UTC+1, Eliran Boraks wrote:

I added searchguard.ssl.transport.enable_openssl_if_available: false and I am getting the same error. Here is the complete output:

[2017-02-07 18:14:50,756][INFO ][node ] [Lady Lark] version[2.4.3], pid[4171], build[d38a34e/2016-12-07T16:28:56Z]

[2017-02-07 18:14:50,761][INFO ][node ] [Lady Lark] initializing …

[2017-02-07 18:14:52,227][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin not available

[2017-02-07 18:14:52,237][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch

[2017-02-07 18:14:52,259][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false

[2017-02-07 18:14:52,261][INFO ][plugins ] [Lady Lark] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites

[2017-02-07 18:14:52,306][INFO ][env ] [Lady Lark] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [8gb], net total_space [9.9gb], spins? [unknown], types [rootfs]

[2017-02-07 18:14:52,308][INFO ][env ] [Lady Lark] heap size [1gb], compressed ordinary object pointers [unknown]

[2017-02-07 18:14:53,878][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively

[2017-02-07 18:14:54,044][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] AES-256 not supported, max key length for AES is 128 bit… That is not an issue, it just limits possible encryption strength. To enable AES 256 install ‘Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files’

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

Exception in thread “main” ElasticsearchSecurityException[no valid cipher suites for transport protocol]

at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:154)
at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)
at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
at org.elasticsearch.node.Node.<init>(Node.java:179)
at org.elasticsearch.node.Node.<init>(Node.java:140)
at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)

Refer to the log for complete error details.

On Friday, February 3, 2017 at 11:05:52 AM UTC-5, Search Guard wrote:

Can you provide the logs on INFO level that appeared prior to the error message?

Do you use OpenSSL? Maybe you have an outdated open ssl version installed,
in this case try adding “searchguard.ssl.transport.enable_openssl_if_available: false” to elasticsearch.yml

Am 03.02.2017 um 01:10 schrieb Eliran Boraks ebo...@gmail.com:

I have following the SSL quickstart guide - https://github.com/floragunncom/search-guard-ssl-docs/blob/master/quickstart.md

When starting ES I am getting the error below. Any ideas what I am doing wrong?

ES version 2.4.3

SG-SSL version search-guard-ssl 2.4.3.19

Java 8 based on Oracle jdk8u111-b14

Generated the truststore and keystores using the floragunn site and put them in the [ES-HOME]/config

  • se-01-keystore.jks
  • truststore.jks

Add the following to elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=se-01-keystore.jks

searchguard.ssl.transport.keystore_password:

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password:

searchguard.ssl.transport.enforce_hostname_verification: false

When starting ES I am getting the following error. Any ideas what I am doing wrong?

[2017-02-02 23:58:33,385][ERROR][bootstrap ] Exception

ElasticsearchSecurityException[no valid cipher suites for transport protocol]

    at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:154)
    at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
    at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)
    at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
    at org.elasticsearch.node.Node.<init>(Node.java:179)
    at org.elasticsearch.node.Node.<init>(Node.java:140)
    at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dfb43290-9973-42dc-a634-dd4244e3996c%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

IBM JVM (J9) is not supported, pls install oracle jvm or openjdk

···

On Friday, 10 February 2017 00:32:06 UTC+1, Eliran Boraks wrote:

See below the information you asked for. I installed the jar you gave me and included the logs its produce when running below.

OS version: Red Hat Enterprise Linux Server release 7.3 (Maipo)

Environment Google Cloud Compute

I install Elasticsearch on the OS without any docker or VM

$ java -version

java version “1.8.0”

Java™ SE Runtime Environment (build pxa6480sr3fp20-20161019_02(SR3 FP20))

IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20161013_322271 (JIT enabled, AOT enabled)

J9VM - R28_Java8_SR3_20161013_1635_B322271

JIT - tr.r14.java.green_20161011_125790

GC - R28_Java8_SR3_20161013_1635_B322271_CMPRSS

J9CL - 20161013_322271)

JCL - 20161018_01 based on Oracle jdk8u111-b14

Logs:

[2017-02-09 23:26:03,126][INFO ][node ] [Jackpot] version[2.4.3], pid[2411], build[d38a34e/2016-12-07T16:28:56Z]

[2017-02-09 23:26:03,128][INFO ][node ] [Jackpot] initializing …

[2017-02-09 23:26:04,588][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin not available

[2017-02-09 23:26:04,611][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch

[2017-02-09 23:26:04,611][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false

[2017-02-09 23:26:04,612][INFO ][plugins ] [Jackpot] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites

[2017-02-09 23:26:04,651][INFO ][env ] [Jackpot] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [8gb], net total_space [9.9gb], spins? [unknown], types [rootfs]

[2017-02-09 23:26:04,651][INFO ][env ] [Jackpot] heap size [1gb], compressed ordinary object pointers [unknown]

[2017-02-09 23:26:05,986][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively

[2017-02-09 23:26:06,082][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] AES-256 not supported, max key length for AES is 128 bit… That is not an issue, it just limits possible encryption strength. To enable AES 256 install ‘Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files’

[2017-02-09 23:26:06,082][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers

[2017-02-09 23:26:06,083][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers

[2017-02-09 23:26:06,083][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-09 23:26:06,083][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-09 23:26:06,083][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

[2017-02-09 23:26:06,373][ERROR][bootstrap ] Exception

ElasticsearchSecurityException[no valid cipher suites for transport protocol]

at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.(DefaultSearchGuardKeyStore.java:155)

at com.floragunn.searchguard.ssl.SearchGuardSSLModule.(SearchGuardSSLModule.java:40)

at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)

at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)

at org.elasticsearch.node.Node.(Node.java:179)

at org.elasticsearch.node.Node.(Node.java:140)

at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)

at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)

at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)

On Tuesday, February 7, 2017 at 2:09:21 PM UTC-5, Search Guard wrote:

  • What is your operating system?
  • Is it a 32 or 64bit operating system?
  • Is your Oracle jdk8u111-b14 a 32 or 64 bit (x86 or x64) version?
  • Do you run elasticsearch within a special environment (docker, etc) or within a public or private cloud?

I prepared a special “debug” version, can you pls install this a look for additional errors in the logfiles:

https://oss.sonatype.org/content/repositories/snapshots/com/floragunn/search-guard-ssl/2.4.3.20-SNAPSHOT/search-guard-ssl-2.4.3.20-20170207.190547-1.zip

On Tuesday, 7 February 2017 19:17:12 UTC+1, Eliran Boraks wrote:

I added searchguard.ssl.transport.enable_openssl_if_available: false and I am getting the same error. Here is the complete output:

[2017-02-07 18:14:50,756][INFO ][node ] [Lady Lark] version[2.4.3], pid[4171], build[d38a34e/2016-12-07T16:28:56Z]

[2017-02-07 18:14:50,761][INFO ][node ] [Lady Lark] initializing …

[2017-02-07 18:14:52,227][INFO ][com.floragunn.searchguard.ssl.SearchGuardSSLPlugin] Search Guard 2 plugin not available

[2017-02-07 18:14:52,237][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Clustername: elasticsearch

[2017-02-07 18:14:52,259][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Node [null] is a transportClient: false/tribeNode: false/tribeNodeClient: false

[2017-02-07 18:14:52,261][INFO ][plugins ] [Lady Lark] modules [reindex, lang-expression, lang-groovy], plugins [search-guard-ssl, search-guard-2], sites

[2017-02-07 18:14:52,306][INFO ][env ] [Lady Lark] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [8gb], net total_space [9.9gb], spins? [unknown], types [rootfs]

[2017-02-07 18:14:52,308][INFO ][env ] [Lady Lark] heap size [1gb], compressed ordinary object pointers [unknown]

[2017-02-07 18:14:53,878][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] Config directory is /opt/elastic/ElasticSearch/elasticsearch-2.4.3/config/, from there the key- and truststore files are resolved relatively

[2017-02-07 18:14:54,044][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] AES-256 not supported, max key length for AES is 128 bit… That is not an issue, it just limits possible encryption strength. To enable AES 256 install ‘Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files’

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-07 18:14:54,045][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

Exception in thread “main” ElasticsearchSecurityException[no valid cipher suites for transport protocol]

at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:154)
at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)
at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
at org.elasticsearch.node.Node.<init>(Node.java:179)
at org.elasticsearch.node.Node.<init>(Node.java:140)
at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)

Refer to the log for complete error details.

On Friday, February 3, 2017 at 11:05:52 AM UTC-5, Search Guard wrote:

Can you provide the logs on INFO level that appeared prior to the error message?

Do you use OpenSSL? Maybe you have an outdated open ssl version installed,
in this case try adding “searchguard.ssl.transport.enable_openssl_if_available: false” to elasticsearch.yml

Am 03.02.2017 um 01:10 schrieb Eliran Boraks ebo...@gmail.com:

I have following the SSL quickstart guide - https://github.com/floragunncom/search-guard-ssl-docs/blob/master/quickstart.md

When starting ES I am getting the error below. Any ideas what I am doing wrong?

ES version 2.4.3

SG-SSL version search-guard-ssl 2.4.3.19

Java 8 based on Oracle jdk8u111-b14

Generated the truststore and keystores using the floragunn site and put them in the [ES-HOME]/config

  • se-01-keystore.jks
  • truststore.jks

Add the following to elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=se-01-keystore.jks

searchguard.ssl.transport.keystore_password:

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password:

searchguard.ssl.transport.enforce_hostname_verification: false

When starting ES I am getting the following error. Any ideas what I am doing wrong?

[2017-02-02 23:58:33,385][ERROR][bootstrap ] Exception

ElasticsearchSecurityException[no valid cipher suites for transport protocol]

    at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:154)
    at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)
    at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)
    at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
    at org.elasticsearch.node.Node.<init>(Node.java:179)
    at org.elasticsearch.node.Node.<init>(Node.java:140)
    at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194)
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:45)


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dfb43290-9973-42dc-a634-dd4244e3996c%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.