Filebeat cipher configurations

ssl.cipher_suites: [RSA-AES-128-CBC-SHA, RSA-AES-256-CBC-SHA, ECDHE-ECDSA-AES-128-CBC-SHA, ECDHE-ECDSA-AES-256-CBC-SHA, ECDHE-RSA-AES-128-CBC-SHA, ECDHE-RSA-AES-256-CBC-SHA, ECDHE-RSA-AES-128-GCM-SHA256, ECDHE-ECDSA-AES-128-GCM-SHA256, ECDHE-RSA-AES-256-GCM-SHA384, ECDHE-ECDSA-AES-256-GCM-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384]

I am trying to add the above line to my filebeat config file. I can see that whenever I add these 2 ciphers, "AES128-GCM-SHA256, AES256-GCM-SHA384", filebeat is down.

Is this the right way to configure the ciphers? And are those 2 ciphers not supported by filebeat?

And can someone help me configure the ciphers based on groups like DHE, RSA or ECDSA in filebeat?

See the filebeat documentation for a full list of currently supported cipher suites. Note that the documentation recommends leaving this setting empty. The Go crypto library will then select a safe choice of client-side supported ciphers.

These are the supported TLS 1.2 cipher suites:

  • ECDHE-RSA-AES-128-GCM-SHA256 (TLS 1.2 only)
  • ECDHE-ECDSA-AES-128-GCM-SHA256 (TLS 1.2 only)
  • ECDHE-RSA-AES-256-GCM-SHA384 (TLS 1.2 only)
  • ECDHE-ECDSA-AES-256-GCM-SHA384 (TLS 1.2 only)

AES128-GCM-SHA256, AES256-GCM-SHA384 look like they could be TLS 1.3 cipher suites. These are not yet supported in filebeat.

Thanks Mag.

My requirement is to disable 3DES, since it is a vulnerable cipher.

Is there any option to disable it, like RC4?

Feel free to use the full list of ciphers suites from the documentation. They will have to be entered into the setting exactly as shown.

However, please be aware that these are the client cipher suites that filebeat offers to the server. It's up to the server to choose the actual cipher suite used for a connection. Therefore, in order to exclude the possibility that any client uses the 3DES cipher with the server, it's usually better to restrict the cipher suites offered by the server. In the case of Elasticsearch, use the xpack.ssl.cipher_suites setting, or an appropriate variant for one of the TLS enabled connectors like HTTPS, transport, or LDAP.

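To make the point of the reply above concrete (the client list only restricts what is offered, the server decides), here is an added example that is not code from this thread or from Beats. Beats is written in Go and uses the same crypto/tls package, so the program runs TLS 1.2 handshakes in-process over an in-memory pipe with a Filebeat-like client offer that deliberately includes a 3DES suite, and varies only the server's allowed list. The self-signed certificate, the pipe and the suite lists are constructed for the demo; the Beats name ECDHE-RSA-AES-128-GCM-SHA256 from the thread corresponds to Go's TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, while the Beats spelling of the 3DES suite is not quoted in this thread, so look it up in the documentation list.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway RSA certificate for "localhost" so the
// client can verify the server properly instead of using InsecureSkipVerify.
// Everything is generated in memory; nothing is read from disk.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "localhost"},
		DNSNames:              []string{"localhost"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// negotiate runs one TLS 1.2 handshake. clientSuites plays the role of
// Filebeat's ssl.cipher_suites (what the client offers); serverSuites plays the
// role of the server-side setting (what the server will accept). It returns the
// suite the server actually selected, or the handshake error.
func negotiate(clientSuites, serverSuites []uint16) (uint16, error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return 0, err
	}
	// TLS 1.3 ignores CipherSuites entirely, so pin both sides to 1.2 for the demo.
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
		CipherSuites: serverSuites,
	}
	clientCfg := &tls.Config{
		RootCAs:      pool,
		ServerName:   "localhost",
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
		CipherSuites: clientSuites,
	}

	cliConn, srvConn := net.Pipe() // in-memory, no sockets needed
	defer cliConn.Close()
	defer srvConn.Close()
	deadline := time.Now().Add(5 * time.Second)
	_ = cliConn.SetDeadline(deadline)
	_ = srvConn.SetDeadline(deadline)

	serverErr := make(chan error, 1)
	go func() { serverErr <- tls.Server(srvConn, serverCfg).Handshake() }()
	client := tls.Client(cliConn, clientCfg)
	if err := client.Handshake(); err != nil {
		cliConn.Close() // unblock the server goroutine, then report the client's view
		<-serverErr
		return 0, err
	}
	if err := <-serverErr; err != nil {
		return 0, err
	}
	return client.ConnectionState().CipherSuite, nil
}

func main() {
	// Client offer: an AES-GCM suite plus a 3DES suite, as if a Beats client had
	// 3DES left in its list. Only the server's allowed list changes per case.
	offer := []uint16{tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
	cases := []struct {
		name   string
		server []uint16
	}{
		{"server accepts only 3DES", []uint16{tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA}},
		{"server accepts only AES-128-GCM", []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}},
		// Go's server ranks suites by its own fixed order and so picks AES-GCM here;
		// a different server (e.g. a JVM) may rank differently, so do not rely on it.
		{"server accepts both", []uint16{tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}},
		{"server accepts nothing the client offers", []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}},
	}
	for _, tc := range cases {
		suite, err := negotiate(offer, tc.server)
		if err != nil {
			fmt.Printf("%-42s -> handshake failed: %v\n", tc.name, err)
			continue
		}
		fmt.Printf("%-42s -> %s\n", tc.name, tls.CipherSuiteName(suite))
	}
}
```

The first case is the one the reply warns about: the client offered 3DES, so a server that allows it can select it no matter how the client ordered its list. The second case is the robust fix, a server that simply does not allow 3DES, and the last case shows what happens when the two lists do not intersect at all, which is the symptom to expect if a server-side restriction is tightened without checking what each Beats client offers.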
