Yes, you have encrypted communications between elasticsearch nodes and clients.
That's right, if you want to store encrypted data in elasticsearch you will need to encrypt it before you store it or use a OS level encryption.
The OS level encryption is transparent for Elasticsearch and any other software in the system, so if you store a sensitive information in plain text, everyone who is authorized to query on that field will be able to see that information.
What that kind encryption do is to protect your data if your disk is powered off and removed from the system, while it is powered on and in the system, everyone with access to the system may be able to see it.