Hello,
I want do disable TLS1.1 support in Elastic Agent (Fleet Server).
In Custom fleet-server configurations I tried to set the "ssl.supported_protocols: [TLSv1.2]" but with no effect.
With "elastic-agent inspect" I see the setting I have made.
- data_stream:
namespace: default
id: fleet-server-fleet_server-e3679c00-3110-11ee-89dc-61113427e2ab
meta:
package:
name: fleet_server
version: 1.3.1
name: fleet_server-1
package_policy_id: e3679c00-3110-11ee-89dc-61113427e2ab
revision: 5
ssl:
supported_protocols:
- TLSv1.3
type: fleet-server
unused_key: not_used
use_output: default
But with openssl s_client I am still able to connect with TLS1.1.
SSL handshake has read 2887 bytes and written 262 bytes
Verification: OK
---
New, TLSv1.0, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.1
Cipher : ECDHE-RSA-AES128-SHA
Session-ID: 81D4516E1C3E2AD777764D779D9C106A19A66ECB6BFF47904F554314658EA221
Session-ID-ctx:
Can anyone help me?
Thanks!