Remove default TLS 1.0/1.1 support #83249
Labels
Breaking Change
discuss
Team:Operations
Team label for Operations Team
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Comments
tylersmalley
added
discuss
Team:Operations
|
Pinging @elastic/kibana-operations (Team:Operations) |
tylersmalley
changed the title
tylersmalley
added
the
Team:Security
|
Pinging @elastic/kibana-security (Team:Security) |
|
I think this is something we should absolutely do for 8.0. ESS has dropped support altogether for all inbound connections, so making this change within Kibana would make us consistent with our hosted offering by default. My feeling is that if ESS can drop support at that scale altogether, then we can safely remove these as defaults in 8.0. On-prem administrators can always opt back in if they really need to support a legacy client. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As part of the Node 12.0 upgrade, we are specifying
--tls-min-v1.0to maintain backward compatibility for any user relying on TLS 1.0. or 1.1.Elasticsearch dropped TLS 1.0 by default in 7.0. It would be good to understand if we can or should make the breaking change to drop TLS 1.0 or 1.1 by default in 8.0.
The text was updated successfully, but these errors were encountered: