Client SSL and Server SSL - ES Java Client

Initial excuse - we are still using TransportClient ( PreBuiltXPackTransportClient). Migrating to High Level Rest Client is in progress.
This question would still be relevant for High Level Rest Client

Elasticsearch Server Version : 7.10.2
Elasticsearch Java Client Dependencies versions : 7.10.2

On Server-side, we have following settings on elasticsearch.yml : true certificate <cert_path> <cert_path>

With above server, can the client - PreBuiltXPackTransportClient WITHOUT SSL params can even communicate with server ?

In effect, Server is enabled with SSL and client just using username + password authentication without client-SSL - is this combination possible ?

I conducted two tests as follows :

Test Case 1 :

Server : Only username and password WITHOUT transport SSL

Client : Tested with PrebuiltXPackTransportClient with only username and password WITHOUT SSL

Observed Behaviour : This combination works as expected with only user and password without SSL

Test Case 2 :

Server : Username + Password + Transport-SSL enabled in elasticsearch.yml true certificate <cert_path> <cert_path>

Client : Tested with PrebuiltXPackTransportClient with ONLY username and password WITHOUT SSL

Observed Behavior : This combination fails with NoNodeAvailableException [None of the configured nodes are available] :


  1. Can non-SSL PrebuiltXPackTransportClient communicate with SSL-enabled server - only with username + password based authentication?
  2. Can Elasticsearch throw arbitrary exceptions like NoNodeEvailableException when above combination is tried - as I have mentioned in Test Case 2 above ?
  3. Is it mandatory that PrebuiltXPackTransportClient must use SSL when xpack.transport on Server side is SSL-enabled ?
  4. I did not see any logs on Elasticsearch Server side during this testing

I am referring following Client Documentation for my testing - Java Client and security | Elasticsearch Guide [7.x] | Elastic

Thanks in advance.

  • Muthu

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.