Kibana Ports reported as vulnerability for TLS v 1.0 and 1.1

pavank · March 3, 2021, 12:56pm

Hi All

We are using Kibana Version 6.6.2. Recently our security scans for vulnerable ports reported Kibana port (5061) for using TLS 1.0 and TLS 1.1.
I could not find any documentation on the blogs on how to disable older TLS versions.
Any suggestions or guidance on how to approach this issue is much appreciated.

Regards,
Pavan

jportner · March 3, 2021, 2:30pm

Hi @pavank, you can disable TLS 1.0 and 1.1 by adding the following to your kibana.yml:

server.ssl.supportedProtocols: "TLSv1.2"

You can find more information on this page of the docs: Configuring Kibana | Kibana User Guide [6.6] | Elastic

system · March 31, 2021, 2:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to disable kibana 7.17.3 TLS version 1.1 Kibana elastic-stack-security	2	403	June 9, 2022
Disable tlsv1 and tlsv1.1 in kibana Kibana	2	2042	March 20, 2018
Disallow tls1 and tls1.1 in kibana Kibana	2	493	April 13, 2017
Configure Kibana for TLS 1.1 Kibana elastic-stack-security	2	394	August 26, 2020
How do I enable TLS1.2 only and disable weak ssl ciphers in Kibana 7.0? Kibana elastic-stack-security	2	3550	March 29, 2021

Kibana Ports reported as vulnerability for TLS v 1.0 and 1.1

Related topics