It is time to say goodbye: This version of Elastic Cloud Enterprise has reached end-of-life (EOL) and is no longer supported.
The documentation for this version is no longer being maintained. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Configuring the TLS version
editConfiguring the TLS version
editElastic Cloud Enterprise 2.4.0 and later defaults to minimum TLS version 1.2 with a modern set of cipher suites.
Elastic Cloud Enterprise version |
Default minimum TLS version |
Default allowed cipher suites |
2.4.0 and later |
TLS 1.2 |
|
2.3.1 and earlier |
TLS 1.0 |
|
You can bring back the legacy behavior by running the following script. Note that this requires a proxy restart.
-
On a host that holds the director role:
docker run \ -v ~/.found-shell:/elastic_cloud_apps/shell/.found-shell \ --env SHELL_ZK_AUTH=$(docker exec -it frc-directors-director bash -c 'echo -n $FOUND_ZK_READWRITE') $(docker inspect -f '{{ range .HostConfig.ExtraHosts }} --add-host {{.}} {{ end }}' frc-directors-director) \ --env FOUND_SCRIPT=setIntermediateTls.sc \ --rm -it \ $(docker inspect -f '{{ .Config.Image }}' frc-directors-director) \ /elastic_cloud_apps/shell/run-shell.sh
-
On all of the proxy hosts:
docker rm -f frc-proxies-proxyv2
To reset back to the default behavior of using TLSv1.2 and a modern cipher suite, you can run the following code.
-
On a host that holds the director role:
docker run \ -v ~/.found-shell:/elastic_cloud_apps/shell/.found-shell \ --env SHELL_ZK_AUTH=$(docker exec -it frc-directors-director bash -c 'echo -n $FOUND_ZK_READWRITE') $(docker inspect -f '{{ range .HostConfig.ExtraHosts }} --add-host {{.}} {{ end }}' frc-directors-director) \ --env FOUND_SCRIPT=resetToDefaultTls.sc \ --rm -it \ $(docker inspect -f '{{ .Config.Image }}' frc-directors-director) \ /elastic_cloud_apps/shell/run-shell.sh
-
On all of the proxy hosts:
docker rm -f frc-proxies-proxyv2