What Java version are you running on and what is your reasoning for changing the default enabled ciphers? Did you encounter an error or are you trying to be compliant with a security policy?
Thank you for your reply, I am using Java 11 and yes I want to change the cipher to comply with security policy. I am trying to enable only stronger cipher. It is bit confusing as on
" If TLSv1.3 is not available, the TLSv1.3 ciphers TLS_AES_256_GCM_SHA384 and TLS_AES_128_GCM_SHA256 are not included in the default list. If 256-bit AES is unavailable, ciphers with AES_256 in their names are not included in the default list"
The default ciphers for Elasticsearch have no connection to your (or your organization's) security policy .
Do I have to download (JCE) Unlimited Strength Jurisdiction Policy Files* for 256-bit AES encryption to use the above cipher?.
No, Java 11 doesn't require this.
What exactly is confusing you ? TLS_AES_256_GCM_SHA384 and TLS_AES_128_GCM_SHA256 are only available in TLS1.3 so if you want to use TLS1.2, you can't use them.
Also
" If TLSv1.3 is not available, the TLSv1.3 ciphers TLS_AES_256_GCM_SHA384 and TLS_AES_128_GCM_SHA256 are not included in the default list. If 256-bit AES is unavailable, ciphers with AES_256 in their names are not included in the default list"
talks about default values and you are explicitly setting your ciphers so you shouldn't need to care about the default values.
Java Security Standard Algorithm Names contains a list of all ciphers, which version of TLS they were introduced in and whether or not they are deprecated.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.