Is it possible to install searchguard on ES5 without enabling ssl/tls

Good day,

We have a server which includes a cluster with multiple ES5 nodes. Our system processes big data on real-time so we have strict performance consideration. Therefore, we have no internal security protocols securing the transfers between nodes, instead, we have external security for our servers.

Is there still a way to install searchguard on ES5 without enabling ssl/tls?

Quick answer is: TLS is mandatory on the transport layer (inter-node), and optional on the REST layer. So, no, you cannot disable TLS on the transport layer, because this would introduce all kinds of security flaws.

If you’re interested in why we are so strict about this, we’ve written an article about our decision here:

https://floragunn.com/search-guard-ssl-tls/

···

On Wednesday, April 26, 2017 at 5:01:24 PM UTC+2, waseempresenso@gmail.com wrote:

Good day,

We have a server which includes a cluster with multiple ES5 nodes. Our system processes big data on real-time so we have strict performance consideration. Therefore, we have no internal security protocols securing the transfers between nodes, instead, we have external security for our servers.

Is there still a way to install searchguard on ES5 without enabling ssl/tls?

Many thanks for your response. I will consider that before start working with the searchguard.

Best regards

···

On Friday, April 28, 2017 at 8:46:04 PM UTC+3, Jochen Kressin wrote:

Quick answer is: TLS is mandatory on the transport layer (inter-node), and optional on the REST layer. So, no, you cannot disable TLS on the transport layer, because this would introduce all kinds of security flaws.

If you’re interested in why we are so strict about this, we’ve written an article about our decision here:

https://floragunn.com/search-guard-ssl-tls/

On Wednesday, April 26, 2017 at 5:01:24 PM UTC+2, waseemp...@gmail.com wrote:

Good day,

We have a server which includes a cluster with multiple ES5 nodes. Our system processes big data on real-time so we have strict performance consideration. Therefore, we have no internal security protocols securing the transfers between nodes, instead, we have external security for our servers.

Is there still a way to install searchguard on ES5 without enabling ssl/tls?

BTW - looks like Elastic / X-Pack is going the same route:

https://www.elastic.co/blog/elasticsearch-6-0-0-alpha1-released

"TLS between nodes is required in X-Pack in 6.0 "

···

On Sunday, April 30, 2017 at 10:09:44 AM UTC+2, waseempresenso@gmail.com wrote:

Many thanks for your response. I will consider that before start working with the searchguard.

Best regards

On Friday, April 28, 2017 at 8:46:04 PM UTC+3, Jochen Kressin wrote:

Quick answer is: TLS is mandatory on the transport layer (inter-node), and optional on the REST layer. So, no, you cannot disable TLS on the transport layer, because this would introduce all kinds of security flaws.

If you’re interested in why we are so strict about this, we’ve written an article about our decision here:

https://floragunn.com/search-guard-ssl-tls/

On Wednesday, April 26, 2017 at 5:01:24 PM UTC+2, waseemp...@gmail.com wrote:

Good day,

We have a server which includes a cluster with multiple ES5 nodes. Our system processes big data on real-time so we have strict performance consideration. Therefore, we have no internal security protocols securing the transfers between nodes, instead, we have external security for our servers.

Is there still a way to install searchguard on ES5 without enabling ssl/tls?