Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add TLS 1.3 Support #26379

Closed
kobelb opened this issue Nov 28, 2018 · 9 comments · Fixed by #61587
Closed

Add TLS 1.3 Support #26379

kobelb opened this issue Nov 28, 2018 · 9 comments · Fixed by #61587
Assignees
Labels
enhancement New value added to drive a business result Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@kobelb
Copy link
Contributor

kobelb commented Nov 28, 2018

Once NodeJS updates to OpenSSL 1.1.1 and TLS 1.3 is supported, we should add support in Kibana and have it enabled by default. The following issue tracks the the OpenSSL 1.1.1 support nodejs/node#18770.

@kobelb kobelb added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! enhancement New value added to drive a business result labels Nov 28, 2018
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security

@sam-github
Copy link

sam-github commented Nov 28, 2018

Please note that updating OpenSSL 1.1.1 and supporting TLSv1.3 are two seperate steps. We are close to 1.1.1, but TLSv1.3 behaves differently enough from v1.2 that it does not currently work.

@kobelb
Copy link
Contributor Author

kobelb commented Nov 28, 2018

Gotcha, thanks for the heads up @sam-github, I should have read nodejs/node#21304 more closely. Is there another issue that we should be tracking for the TLSv1.3 support?

@sam-github
Copy link

nodejs/node#18770 is the one to follow. When openssl1.1.1a lands, work will continue, as will conversation, somewhere, not sure where, but a note will be posted in 18770 pointing where to go to follow along.

@kobelb
Copy link
Contributor Author

kobelb commented Nov 28, 2018

Fantastic, thanks so much @sam-github!

@mattapperson
Copy link
Contributor

@kobelb bump as node is ready

@mattapperson
Copy link
Contributor

This upgrade will be required by Fleet. We need the faster TLS handshake to reach our performance goals

@legrego
Copy link
Member

legrego commented Jul 12, 2019

I could be wrong, but based on the docs and quick testing on my end, Node v10.x does not support TLSv1.3. We'll need to upgrade Kibana to use at least v11.x to pick up TLSv1.3 support.

@elastic/kibana-operations do we have plans to bump Node to version 11 or beyond in the near future?

@sam-github
Copy link

I can confirm, 10.x does not support TLS1.3, and is unlikely to. Backporting was pretty hard.

11.x is EOL, I'd suggest not using it.

12.x has TLS1.3, and will go into LTS on Oct 22nd, 2019, but you can start using it now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New value added to drive a business result Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants