On a recent vulnerability scan we had findings for the Elastic Agent Fleet Server for having TLS 1.1 enabled along with insecure ciphers on port 8220. I have a client asking that we fix this... I added the below to elastic-agent.yml and in the advanced fleet server config on the agent policy but I get no change in TLS/Ciphers used. I used the KB article but it is still not working. I tried to enable TLS 1.0 just to see if it was reading the file and that changed nothing. If I add some random garbage to the file then Elastic Agent won't open which tells me it is the right config file. Any thoughts?
If I add some random garbage to the file then Elastic Agent won't open which tells me it is the right config file.
If you add some garbage in a way that makes the YAML file invalid, yes, the Elastic-Agent will fail to start. However, if it is still valid YAML but with unknown keys, then the Elastic-Agent will just ignore those unknown keys. That seems to be the case with your example.
I think mine did not copy and paste correctly to here because I didn't put it in the correct format. I copied your response and it did not change anything.