How to enable specific TLS version on transport port

Hi,

For HTTP, I see that there is a configuration to enable a specific version of the TLS protocol. However, at least in the documentation, an equivalent property is not available for the transport layer. So if we want to enforce, let's say, TLS v1.2 for the transport layer, how do we achieve that? If this is not an option, then what is the default that Searchguard SSL will use?

Thanks!

# Enabled SSL cipher suites for transport protocol (only Java format is supported)
# WARNING: Expert setting, do only use if you know what you are doing
# If you set wrong values here this could be a security risk
#searchguard.ssl.transport.enabled_ciphers:
# - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
# - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"

# Enabled SSL protocols for transport protocol (only Java format is supported)
# WARNING: Expert setting, do only use if you know what you are doing
# If you set wrong values here this could be a security risk
#searchguard.ssl.transport.enabled_protocols:
# - "TLSv1.2"


On 07.12.2017 at 03:09, askids <ashokds@gmail.com> wrote:

Hi,

For HTTP, I see that there is a configuration to enable a specific version of the TLS protocol. However, at least in the documentation, an equivalent property is not available for the transport layer. So if we want to enforce, let's say, TLS v1.2 for the transport layer, how do we achieve that? If this is not an option, then what is the default that Searchguard SSL will use?

Thanks!


Thank you. I will try this.


On Friday, December 8, 2017 at 12:33:46 PM UTC-5, Search Guard wrote:

# Enabled SSL cipher suites for transport protocol (only Java format is supported)
# WARNING: Expert setting, do only use if you know what you are doing
# If you set wrong values here this could be a security risk
#searchguard.ssl.transport.enabled_ciphers:
# - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
# - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"

# Enabled SSL protocols for transport protocol (only Java format is supported)
# WARNING: Expert setting, do only use if you know what you are doing
# If you set wrong values here this could be a security risk
#searchguard.ssl.transport.enabled_protocols:
# - "TLSv1.2"

https://github.com/floragunncom/search-guard-ssl/blob/5.6.0/searchguard-ssl-config-template.yml

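The template lines quoted in this thread are commented out, so copying them unchanged pins nothing on the transport port. The following check is an added example, not code from the thread or from Search Guard; it assumes the block-list YAML form shown above, and the weak-protocol set, function names and sample inputs are its own.

```python
import re

# Setting name as shown in the thread; the weak-protocol set is this example's
# assumption, written in the Java (JSSE) names the setting expects.
PROTO_KEY = "searchguard.ssl.transport.enabled_protocols"
WEAK_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def read_list_setting(text, key):
    """Return (state, values) for a block-style list; state is active/commented/absent."""
    lines = text.splitlines()
    result = ("absent", [])
    for i, line in enumerate(lines):
        head = re.match(r"^\s*(#?)\s*" + re.escape(key) + r"\s*:", line)
        if not head:
            continue
        commented = head.group(1) == "#"
        values = []
        for item in lines[i + 1:]:
            m = re.match(r"^\s*(#?)\s*-\s*[\"']?([^\"'#\s]+)", item)
            if not m:
                break  # blank line, next key or prose comment ends the list
            if (m.group(1) == "#") == commented:
                values.append(m.group(2))  # ignore '#' items in a live list
        if not commented:
            return "active", values  # a live setting wins over commented copies
        result = ("commented", values)
    return result

def audit_transport_tls(text):
    """Return findings; an empty list means only non-weak protocols are pinned."""
    state, protocols = read_list_setting(text, PROTO_KEY)
    if state != "active":
        return [f"{PROTO_KEY} is {state}; the plugin default applies"]
    if not protocols:
        return [f"{PROTO_KEY} is set but lists no protocols"]
    return [f"weak protocol enabled: {p}" for p in sorted(WEAK_PROTOCOLS & set(protocols))]

# Constructed sample inputs (not taken from a real cluster).
AS_POSTED = '#searchguard.ssl.transport.enabled_protocols:\n# - "TLSv1.2"\n'
PINNED = 'searchguard.ssl.transport.enabled_protocols:\n  - "TLSv1.2"\n'
LEGACY = PINNED + '  - "TLSv1"\n  - "TLSv1.1"\n'

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("pinned", PINNED), ("legacy", LEGACY)):
        print(name, "->", audit_transport_tls(cfg) or "ok")
```

Run it against the node's configuration file text on every node, since a single node left on the default still accepts whatever that default allows.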