Common SSL/TLS exceptions

Indicates that there was an incoming plaintext http request. This typically occurs when an external applications attempts to make an unencrypted call to the REST interface. Please ensure that all applications are using https when calling the REST interface with SSL enabled.

Indicates that there was incoming plaintext traffic on an SSL connection. This typically occurs when a node is not configured to use encrypted communication and tries to connect to nodes that are using encrypted communication. Please verify that all nodes are using the same setting for xpack.security.transport.ssl.enabled.

For more information about this setting, see Security settings.

Indicates an issue with data received on the transport interface in an unknown format. This can happen when a node with encrypted communication enabled connects to a node that has encrypted communication disabled. Please verify that all nodes are using the same setting for xpack.security.transport.ssl.enabled.

For more information about this setting, see Security settings.

This exception is typically seen when a https request is made to a node that is not using https. If https is desired, please ensure the following setting is in elasticsearch.yml:

xpack.security.http.ssl.enabled: true

For more information about this setting, see Security settings.

This error occurs when a SSL/TLS cipher suite is specified that cannot supported by the JVM that Elasticsearch is running in. Security tries to use the specified cipher suites that are supported by this JVM. This error can occur when using the Security defaults as some distributions of OpenJDK do not enable the PKCS11 provider by default. In this case, we recommend consulting your JVM documentation for details on how to enable the PKCS11 provider.

Another common source of this error is requesting cipher suites that use encrypting with a key length greater than 128 bits when running on an Oracle JDK. In this case, you must install the JCE Unlimited Strength Jurisdiction Policy Files.