Hi,
we configured ES 6.8.3 with a transport profile without mutual TLS authentication for use with a legacy client. Now we want to upgrade to ES 7.5.0, but the same configuration stopped working. Apparently no server certificate is generated, and the TLS handshake fails.
Here is the configuration:
transport.profiles.client:
port: 9500
xpack.security:
type: client
ssl:
client_authentication: none
And here is the output of openssl when trying to connect to the transport profile:
openssl s_client -connect localhost:9500 Do 09 Jan 2020 11:09:18 CET
CONNECTED(00000003)
140007703086336:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 293 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---