i'm following the document to open SSL in one node of elasticsearch cluster.
i got the error message below
"Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://x.x.x.x:9200 again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator. "
in fact, i already checked TLS in browser (IE, Chrome)
Are you using Shield?
yes, shield pulgin already installed
What version of ES are you running?
es 2.1.0
@Chris_wang did you get to the bottom of this?
If not, you can use nmap to see what is happening with the ssl enum ciphers script
nmap --script=ssl-enum-ciphers -p 9200 127.0.0.1
Starting Nmap 7.12 ( https://nmap.org ) at 2016-06-07 13:25 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
PORT STATE SERVICE
9200/tcp open wap-wsp
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp160k1) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp160k1) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp160k1) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
|_ least strength: A© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.