Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Increase default minimum TLS version to 1.2 #10491

Open
axw opened this issue Mar 20, 2023 · 1 comment
Open

Increase default minimum TLS version to 1.2 #10491

axw opened this issue Mar 20, 2023 · 1 comment
Assignees
@kruskall
Labels
blocked enhancement
Milestone
8.9

Comments

@axw
Copy link
Member

axw commented Mar 20, 2023

APM Server inherits (most of?) its TLS configuration from libbeat. This includes the minimum/maximum TLS protocol version. These currently default to 1.1 and 1.3 respectively.

TLS 1.1 has been deprecated since 2021, and is considered unsafe. We should bump the minimum to 1.2, but allow users to explicitly opt into setting a minimum version of 1.1 for exotic use cases.

See also https://github.com/elastic/ingest-dev/issues/3474
@simitt simitt added this to the 8.9 milestone May 3, 2023
@kruskall kruskall self-assigned this May 8, 2023
@kruskall kruskall mentioned this issue May 8, 2023
Open
2 tasks
@kruskall kruskall mentioned this issue May 15, 2023
Merged
3 tasks
@kruskall
Copy link
Member

Opened #10812 to address the default in APM package.

For APM Server binary and other features using the TLS config struct from elastic-agent-libs, there is an open PR in that repo: elastic/elastic-agent-libs#121

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kruskall kruskall

Labels
blocked enhancement
Projects
None yet
Milestone
8.9
Development

No branches or pull requests
3 participants
@axw @simitt @kruskall