i am trying to add the above line in my filebeat config file. I can see whenever i add these 2 ciphers "AES128-GCM-SHA256, AES256-GCM-SHA384" filebeat is down.
Is this the right way to configure the ciphers ?? and those 2 ciphers are not supported by filebeat ?
and can some one help me to configure the ciphers based on the groups like DHE, RSA or ECDSA in filebeat ??
See the filebeat documentation for a full list of currently supported cipher suites. Note that the documentation recommends to leave this setting empty. The go crypto library will then select a safe choice of client-side supported ciphers.
These are the supported TLS 1.2 cipher suites:
ECDHE-RSA-AES-128-GCM-SHA256 (TLS 1.2 only)
ECDHE-ECDSA-AES-128-GCM-SHA256 (TLS 1.2 only)
ECDHE-RSA-AES-256-GCM-SHA384 (TLS 1.2 only)
ECDHE-ECDSA-AES-256-GCM-SHA384 (TLS 1.2 only)
AES128-GCM-SHA256, AES256-GCM-SHA384 look like they could be TLS 1.3 cipher suites. These are not yet supported in filebeat.
Feel free to use the full list of ciphers suites from the documentation. They will have to be entered into the setting exactly as shown.
However, please be aware that these are the client cipher suites that filebeat offers to the server. It's up to the server to choose the actual cipher suite used for a connection. Therefore, in order to exclude the possibility that any client uses the 3DES cipher with the server, it's usually better to restrict the cipher suites offered by the server. In the case of Elasticsearch, use the xpack.ssl.cipher_suites setting, or an appropriate variant for one of the TLS enabled connectors like HTTPS, transport, or LDAP.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.