elastic.security.protocol
The security protocol to use when connecting to Elasticsearch. Values can be
PLAINTEXT
or SSL
. If PLAINTEXT
is passed, all configs prefixed by
elastic.https.
will be ignored. This is optional for client.
- Type: string
- Default:
PLAINTEXT
- Valid Values: (case insensitive) [PLAINTEXT, SSL]
- Importance: medium
elastic.https.ssl.key.password
The password of the private key in the key store file. This is optional for
client.
- Type: password
- Default: null
- Importance: high
elastic.https.ssl.keystore.location
The location of the key store file. This is optional for client and can be
used for two-way authentication for client.
- Type: string
- Default: null
- Importance: high
elastic.https.ssl.keystore.password
The store password for the key store file. This is optional for client and
only needed if ssl.keystore.location
is configured.
- Type: password
- Default: null
- Importance: high
elastic.https.ssl.truststore.location
The location of the trust store file.
- Type: string
- Default: null
- Importance: high
elastic.https.ssl.truststore.password
The password for the trust store file. If a password is not set, access to the
trust store is still available, but integrity checking is disabled.
- Type: password
- Default: null
- Importance: high
elastic.https.ssl.enabled.protocols
The list of protocols enabled for SSL connections. The default is
TLSv1.2,TLSv1.3
when running with Java 11 or later, and TLSv1.2
otherwise. With the default value for Java 11, clients and servers will prefer
TLSv1.3
if both support it and fallback to TLSv1.2
otherwise (assuming
both support at least TLSv1.2
). This default should be fine for most cases.
Also see the configuration documentation for ssl.protocol
.
- Type: list
- Default: TLSv1.2
- Importance: medium
elastic.https.ssl.keystore.type
The file format of the key store file. This is optional for client.
- Type: string
- Default: JKS
- Importance: medium
elastic.https.ssl.protocol
The SSL protocol used to generate the SSLContext. The default is TLSv1.3
when running with Java 11 or later, TLSv1.2
otherwise. This value should
be fine for most use cases. Most recent JVMs allow TLSv1.2
and
TLSv1.3
. TLS
, TLSv1.1
, SSL
, SSLv2
, and SSLv3
may be
supported in older JVMs, but their usage is discouraged due to known security
vulnerabilities. With the default value for this config and
ssl.enabled.protocols
, clients will downgrade to TLSv1.2
if the server
does not support TLSv1.3
. If this config is set to TLSv1.2
, clients
will not use TLSv1.3
even if it is one of the values in
ssl.enabled.protocols and the server only supports TLSv1.3
.
- Type: string
- Default: TLSv1.2
- Importance: medium
elastic.https.ssl.provider
The name of the security provider used for SSL connections. Default value is
the default security provider of the JVM.
- Type: string
- Default: null
- Importance: medium
elastic.https.ssl.truststore.type
The file format of the trust store file.
- Type: string
- Default: JKS
- Importance: medium
elastic.https.ssl.cipher.suites
A list of cipher suites. This is a named combination of authentication,
encryption, MAC and key exchange algorithm used to negotiate the security
settings for a network connection using TLS or SSL network protocol. By
default all the available cipher suites are supported.
- Type: list
- Default: null
- Importance: low
elastic.https.ssl.endpoint.identification.algorithm
The endpoint identification algorithm to validate server hostname using server
certificate. Disable server host name verification by setting
elastic.https.ssl.endpoint.identification.algorithm
to an empty string.
- Type: string
- Default: https
- Importance: low
elastic.https.ssl.engine.factory.class
The class of type org.apache.kafka.common.security.auth.SslEngineFactory
to provide SSLEngine objects. Default value is
org.apache.kafka.common.security.ssl.DefaultSslEngineFactory
- Type: class
- Default: null
- Importance: low
elastic.https.ssl.keymanager.algorithm
The algorithm used by key manager factory for SSL connections. Default value
is the key manager factory algorithm configured for the Java Virtual Machine.
- Type: string
- Default: SunX509
- Importance: low
elastic.https.ssl.secure.random.implementation
The SecureRandom PRNG implementation to use for SSL cryptography operations.
- Type: string
- Default: null
- Importance: low
elastic.https.ssl.trustmanager.algorithm
The algorithm used by the trust manager factory for SSL connections. Default
value is the trust manager factory algorithm configured for the JVM.
- Type: string
- Default: PKIX
- Importance: low