Running a demo with ES 6.4.0 i have a strange feeling about how is handled the setting xpack.license.self_generated.type: basic
in elasticsearch.yml
.
My need is to have SSL (encryption in transit) and no certs authentication beetween nodes or clients.
Reeding the doc i would assume that this is not possible without a valid gold (at least subscription).
But when trying it and setting xpack.license.self_generated.type: basic
in order to limit the license to the basic subset it seems that the xpack.ssl.* setup are honored correctly.
ex: openssl s_client -CAfile ./certs/ca.pem -showcerts -connect localhost:9300
SSL handshake has read 1388 bytes and written 194 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
Session-ID: 5BACE946CA28B152230EBB34E80E8E0A4F836A965791D0C01214120964BEEBA0
Session-ID-ctx:
Master-Key: 8FDDF779120F8C8FEAFA4769F962B342B5A91E2E8F91A847E416E0B3B0CDC55E92A98DA2C486C77687064E06EA5E79EC
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1538058566
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
or
curl --cacert certs/ca.pem -I https://localhost:9200
:
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
content-length: 500
Any explanation to what i am missing here ?