Configuring the TLS version
Elastic Cloud Enterprise 2.4.0 and later defaults to minimum TLS version 1.2 with a modern set of cipher suites.
| Elastic Cloud Enterprise version | Default minimum TLS version | Default allowed cipher suites |
| --- | --- | --- |
| 2.4.0 and later | TLS 1.2 | |
| 2.3.1 and earlier | TLS 1.0 | |
You can bring back the legacy behavior by running the following script. Note that this requires a proxy restart.
- On a host that holds the director role:

    docker run \
      -v ~/.found-shell:/elastic_cloud_apps/shell/.found-shell \
      --env SHELL_ZK_AUTH=$(docker exec -it frc-directors-director bash -c 'echo -n $FOUND_ZK_READWRITE') $(docker inspect -f '{{ range .HostConfig.ExtraHosts }} --add-host {{.}} {{ end }}' frc-directors-director) \
      --env FOUND_SCRIPT=setIntermediateTls.sc \
      --rm -it \
      $(docker inspect -f '{{ .Config.Image }}' frc-directors-director) \
      /elastic_cloud_apps/shell/run-shell.sh

- On all of the proxy hosts:

    docker rm -f frc-proxies-proxyv2
To reset to the default behavior of using TLSv1.2 and a modern cipher suite, run the following commands.
- On a host that holds the director role:

    docker run \
      -v ~/.found-shell:/elastic_cloud_apps/shell/.found-shell \
      --env SHELL_ZK_AUTH=$(docker exec -it frc-directors-director bash -c 'echo -n $FOUND_ZK_READWRITE') $(docker inspect -f '{{ range .HostConfig.ExtraHosts }} --add-host {{.}} {{ end }}' frc-directors-director) \
      --env FOUND_SCRIPT=resetToDefaultTls.sc \
      --rm -it \
      $(docker inspect -f '{{ .Config.Image }}' frc-directors-director) \
      /elastic_cloud_apps/shell/run-shell.sh

- On all of the proxy hosts:

    docker rm -f frc-proxies-proxyv2
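
To confirm which setting is in effect once the proxies have restarted, the following added example (not part of the Elastic documentation) attempts one handshake per TLS version against an endpoint and lists any accepted version older than the intended minimum. The host and port arguments, the function names, and the `ALL:@SECLEVEL=0` cipher string (OpenSSL 1.1.0+ syntax) are assumptions made for illustration.

```python
import socket
import ssl
import sys

# Oldest to newest. The table above gives TLS 1.0 and TLS 1.2 as the two defaults.
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]
LABEL = {True: "accepted", False: "rejected", None: "untested"}

def probe(host, port, version, timeout=5.0):
    """Return True/False for a handshake pinned to `version`, None if untestable.

    A failed TCP connect raises OSError, so an unreachable proxy is never
    reported as one that rejects the protocol version.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE      # only version negotiation is tested
    try:
        ctx.set_ciphers("ALL:@SECLEVEL=0")   # let local OpenSSL offer TLS 1.0/1.1
        ctx.minimum_version = ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return None                      # local build cannot offer this version
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
        except OSError:                  # ssl.SSLError is a subclass of OSError
            # Server refused; a local policy block at handshake time lands here too.
            return False

def below_minimum(accepted, minimum):
    """Names of accepted versions older than `minimum`; empty means compliant."""
    return [v.name for v in VERSIONS if v < minimum and accepted.get(v) is True]

def audit(host, port, minimum=ssl.TLSVersion.TLSv1_2):
    """Probe every version; return (results, versions accepted below minimum)."""
    accepted = {v: probe(host, port, v) for v in VERSIONS}
    return accepted, below_minimum(accepted, minimum)

if __name__ == "__main__":
    # Usage: python tls_audit.py <proxy-host> <port>   (placeholders, not from the page)
    results, too_old = audit(sys.argv[1], int(sys.argv[2]))
    for v, state in results.items():
        print(f"{v.name}: {LABEL[state]}")
    sys.exit(1 if too_old else 0)
```

With the default configuration the script should exit 0; after the legacy script has been applied, pass the minimum you expect to `audit()` instead of relying on the TLS 1.2 default.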