TLS v1.0 has been removed from default TLS/SSL protocols

Hi,

I am trying to update elasticsearch from 6.7 to 7.0 i got warning from 7.0 assistant as below TLS v1.0 has been removed from default TLS/SSL protocols
so in my elasticsearch.yml i have added below codeto remove this warning

xpack.security.http.ssl.supported_protocols: [ "TLSv1.2", "TLSv1.1", "TLSv1" ]

But still warning shown in assistant 7.0 Please guide me.

Refrerence

https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#tls-v1-removed

This is not code to remove the warning, this is a configuration option to explicitly re-enable TLSv1.0 for your installation. As you can read in the link you referenced:

You can enable TLS v1.0 by configuring the relevant ssl.supported_protocols setting to include "TLSv1"

The warning is just there to notify you that if you wanted to use TLSv1.0 in version 7.0, you need to explicitly enable it in the configuration ( as opposed to 6.7 where it was implicitly enabled by default ). If you don't have to use TLS v1.0, you can feel free to disregard that warning.

I expect that you have other ssl contexts in your elasticsearch.yml that are relying on the default TLS protocols (e.g. xpack.security.transport.ssl).

You will need to look at which ones you have, and decide whether you want to explicitly enable TLSv1 (which an old protocol with known weaknesses) or disable it (which will happen automatically when you upgrade to 7.x).

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.