we configured ES 6.8.3 with a transport profile without mutual TLS authentication for use with a legacy client. Now we want to upgrade to ES 7.5.0, but the same configuration stopped working. Apparently no server certificate is generated, and the TLS handshake fails.
Here is the configuration:
transport.profiles.client: port: 9500 xpack.security: type: client ssl: client_authentication: none
And here is the output of openssl when trying to connect to the transport profile:
openssl s_client -connect localhost:9500 Do 09 Jan 2020 11:09:18 CET CONNECTED(00000003) 140007703086336:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 293 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) ---