github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[DOCS] Deprecate SSL settings (#29990)

Browse source
This commit is contained in:
Lisa Cawley 2019-02-04 15:02:46 -08:00 committed by lcawl
parent 54c9b6cab8
commit dec312bc7e
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
docs/setup/settings.asciidoc
View file

@ -59,16 +59,29 @@ The following example shows a valid regionmap configuration.
these settings provide the username and password that the Kibana server uses to perform maintenance on the Kibana index at
startup. Your Kibana users still need to authenticate with Elasticsearch, which is proxied through the Kibana server.
`server.ssl.enabled`:: *Default: "false"* Enables SSL for outgoing requests from the Kibana server to the browser. When set to `true`, `server.ssl.certificate` and `server.ssl.key` are required
`server.ssl.cert:`:: Path to the PEM-format SSL certificate. This file enables
SSL for outgoing requests from the Kibana server to the browser.
deprecated[5.3.0,Replaced by `server.ssl.certificate`]
`server.ssl.certificate:` and `server.ssl.key:`:: Paths to the PEM-format SSL certificate and SSL key files, respectively.
`server.ssl.keyPassphrase:`:: The passphrase that will be used to decrypt the private key. This value is optional as the key may not be encrypted.
`server.ssl.certificateAuthorities:`:: List of paths to PEM encoded certificate files that should be trusted.
`server.ssl.supportedProtocols:`:: *Default: TLSv1, TLSv1.1, TLSv1.2* Supported protocols with versions. Valid protocols: `TLSv1`, `TLSv1.1`, `TLSv1.2`
`server.ssl.cipherSuites:`:: *Default: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, DHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, DHE-RSA-AES256-SHA384, ECDHE-RSA-AES256-SHA256, DHE-RSA-AES256-SHA256, HIGH,!aNULL, !eNULL, !EXPORT, !DES, !RC4, !MD5, !PSK, !SRP, !CAMELLIA*. Details on the format, and the valid options, are available via the [OpenSSL cipher list format documentation](https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT)
`elasticsearch.ssl.cert:`:: Optional setting that provides the path to the
PEM-format SSL certificate. This file validates that your Elasticsearch backend
uses the same key files.
deprecated[5.3.0,Replaced by `elasticsearch.ssl.certificate`]
`elasticsearch.ssl.certificate:` and `elasticsearch.ssl.key:`:: Optional settings that provide the paths to the PEM-format SSL
certificate and key files. These files are used to verify the identity of Kibana to Elasticsearch and are required when `xpack.ssl.verification_mode` in Elasticsearch is set to either `certificate` or `full`.
`elasticsearch.ssl.keyPassphrase:`:: The passphrase that will be used to decrypt the private key. This value is optional as the key may not be encrypted.
`elasticsearch.ssl.ca:`:: Optional setting that enables you to specify a path to
the PEM file for the certificate authority for your Elasticsearch instance.
deprecated[5.3.0,Replaced by `elasticsearch.ssl.certificateAuthorities`]
`elasticsearch.ssl.certificateAuthorities:`:: Optional setting that enables you to specify a list of paths to the PEM file for the certificate
authority for your Elasticsearch instance.
`elasticsearch.ssl.verify:`:: *Default: true* To disregard the validity of SSL
certificates, change this settings value to `false`.
deprecated[5.3.0,Replaced by `elasticsearch.ssl.verificationMode`]
`elasticsearch.ssl.verificationMode:`:: *Default: full* Controls the verification of certificates presented by Elasticsearch. Valid values are `none`, `certificate`, and `full`.
`full` performs hostname verification, and `certificate` does not.
`elasticsearch.pingTimeout:`:: *Default: the value of the `elasticsearch.requestTimeout` setting* Time in milliseconds to