Elasticsearch version: 7.7.1
Server OS version: Windows 10
Describe the issue: TLSv1.3 are not accepted by the server
Steps to reproduce:
- Enabled the TLSv1.3 as following in elasticsearch.yml,
searchguard.ssl.http.enabled_protocols: ["TLSv1.3"] searchguard.ssl.transport.enabled_protocols: ["TLSv1.3"]
- Restart the service
- Sent the request from the postman, disabling TLSv1.3.
- Got the following error,
[2021-04-12T11:39:21,905][WARN ][o.e.h.AbstractHttpServerTransport] [cad206.corp.soti.net] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=0.0.0.0/0.0.0.0:9200, remoteAddress=null}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: The client supported protocol versions [TLSv1.3] are not accepted by server preferences [TLS12]
…
…
Caused by: javax.net.ssl.SSLHandshakeException: The client supported protocol versions [TLSv1.3] are not accepted by server preferences [TLS12]
Additional data:
I have checked on the Windows registry and I don’t have any,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]
So the question is If I don’t have any specific entry in the registry, especially specific to enable/disable the TLS version, I should not have this error.
I should be able to see the proper communication.
Let me know If I am making any mistake or if you need more details.