Setting up specific tls versions and allowed ciphers.

Hey,

I’m trying to force TLSv1.2 for the web server and select only perfect forward secrecy ciphers. Does anyone know how to configure elasticsearch.yml to force the version and cipher suite?

Thanks,

Shawn

thats not possible yet, can you please open an issue on github? will implement it in the next release.

···

Am 13.05.2016 um 23:19 schrieb Shawn Lee <dashawn@gmail.com>:

Hey,

I'm trying to force TLSv1.2 for the web server and select only perfect forward secrecy ciphers. Does anyone know how to configure elasticsearch.yml to force the version and cipher suite?

Thanks,

Shawn

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/5f757cc5-f03b-4619-bb5a-4665f4c3cfad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

I was thinking that this might be a straight forward patch on the code. Hoping it could be a few lines of code. I’ll start looking to see how to set this up. Can anyone point me to the correct src files that would be best to add the ssl cipher and TLS version config options and controls to?

Thanks,

Shawn

···

On Saturday, May 14, 2016 at 12:44:54 AM UTC-7, SG wrote:

thats not possible yet, can you please open an issue on github? will implement it in the next release.

Am 13.05.2016 um 23:19 schrieb Shawn Lee das...@gmail.com:

Hey,

I’m trying to force TLSv1.2 for the web server and select only perfect forward secrecy ciphers. Does anyone know how to configure elasticsearch.yml to force the version and cipher suite?

Thanks,

Shawn


You received this message because you are subscribed to the Google Groups “Search Guard” group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/5f757cc5-f03b-4619-bb5a-4665f4c3cfad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

we already work on this, would be great if you just can file an issue for that

···

Am 25.05.2016 um 15:51 schrieb Shawn Lee <dashawn@gmail.com>:

I was thinking that this might be a straight forward patch on the code. Hoping it could be a few lines of code. I'll start looking to see how to set this up. Can anyone point me to the correct src files that would be best to add the ssl cipher and TLS version config options and controls to?

Thanks,

Shawn

On Saturday, May 14, 2016 at 12:44:54 AM UTC-7, SG wrote:
thats not possible yet, can you please open an issue on github? will implement it in the next release.

> Am 13.05.2016 um 23:19 schrieb Shawn Lee <das...@gmail.com>:
>
> Hey,
>
> I'm trying to force TLSv1.2 for the web server and select only perfect forward secrecy ciphers. Does anyone know how to configure elasticsearch.yml to force the version and cipher suite?
>
> Thanks,
>
> Shawn
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/5f757cc5-f03b-4619-bb5a-4665f4c3cfad%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/c46cab9d-ab44-4dc8-ab2c-51bf7669f41d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

https://github.com/floragunncom/search-guard-ssl/issues/21

Thanks for your help everyone.

···

On Wednesday, May 25, 2016 at 7:10:52 AM UTC-7, SG wrote:

we already work on this, would be great if you just can file an issue for that

Am 25.05.2016 um 15:51 schrieb Shawn Lee das...@gmail.com:

I was thinking that this might be a straight forward patch on the code. Hoping it could be a few lines of code. I’ll start looking to see how to set this up. Can anyone point me to the correct src files that would be best to add the ssl cipher and TLS version config options and controls to?

Thanks,

Shawn

On Saturday, May 14, 2016 at 12:44:54 AM UTC-7, SG wrote:

thats not possible yet, can you please open an issue on github? will implement it in the next release.

Am 13.05.2016 um 23:19 schrieb Shawn Lee das...@gmail.com:

Hey,

I’m trying to force TLSv1.2 for the web server and select only perfect forward secrecy ciphers. Does anyone know how to configure elasticsearch.yml to force the version and cipher suite?

Thanks,

Shawn


You received this message because you are subscribed to the Google Groups “Search Guard” group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/5f757cc5-f03b-4619-bb5a-4665f4c3cfad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/c46cab9d-ab44-4dc8-ab2c-51bf7669f41d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.