Our InfoSec scans report that Kibana 7.0 service is supporting weak protocols and weak cipher suites. I am trying to find how to disable TLS 1.1 and below protocols and remove specific ciphers from Kibana service. Any help you could provide will be greatly appreciated.

wylie (Wylie Conlon) March 1, 2021, 8:08pm 2

Hi, welcome to the forums! Kibana supports the setting server.ssl.supportedProtocols:

Please note that TLS 1.3 is only supported in the very latest Kibana, 7.11.0

1 Like

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

How do I enable TLS1.2 only and disable weak ssl ciphers in Kibana 7.0?