mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-06-30 02:13:33 -04:00
ba37e3c4a0
This commit changes the default behavior for
xpack.security.ssl.diagnose.trust when running in a FIPS 140 JVM.
More specifically, when xpack.security.fips_mode.enabled is true:
- If xpack.security.ssl.diagnose.trust is not explicitly set, the
default value of it becomes false and a log message is printed
on info level, notifying of the fact that the TLS/SSL diagnostic
messages are not enabled when in a FIPS 140 JVM.
- If xpack.security.ssl.diagnose.trust is explicitly set, the value of
it is honored, even in FIPS mode.
This is relevant only for 7.x where we support Java 8 in which
SunJSSE can still be used as a FIPS 140 provider for TLS. SunJSSE
in FIPS mode, disallows the use of other TrustManager implementations
than the one shipped with SunJSSE.
|
||
|---|---|---|
| .. | ||
| images | ||
| audit-settings.asciidoc | ||
| ccr-settings.asciidoc | ||
| data-frames-settings.asciidoc | ||
| ilm-settings.asciidoc | ||
| license-settings.asciidoc | ||
| ml-settings.asciidoc | ||
| monitoring-settings.asciidoc | ||
| notification-settings.asciidoc | ||
| security-hash-settings.asciidoc | ||
| security-settings.asciidoc | ||
| sql-settings.asciidoc | ||
| ssl-settings.asciidoc | ||