Skip to content

Commit 3e6efef

Browse files
author
Adam Locke
authored
[7.8] [DOCS] Add deprecation warnings for SSL settings (#79293)
1 parent 7cf725c commit 3e6efef

File tree

1 file changed

+103
-0
lines changed

1 file changed

+103
-0
lines changed

docs/reference/migration/migrate_7_8.asciidoc

Lines changed: 103 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -117,6 +117,109 @@ locally.
117117
To avoid deprecation warnings, discontinue use of the `local` parameter.
118118
====
119119

120+
[discrete]
121+
[[breaking_78_tls_changes]]
122+
=== Security changes
123+
124+
[[tls-ssl-transport-enabled-required]]
125+
.The `xpack.security.transport.ssl.enabled` setting will be required to configure `xpack.security.transport.ssl` settings.
126+
[%collapsible]
127+
====
128+
*Details* +
129+
Configuring any SSL settings for
130+
`xpack.security.transport.ssl` without also configuring
131+
`xpack.security.transport.ssl.enabled` generates warnings in the deprecation
132+
log. In 8.0, this configuration will result in errors.
133+
134+
*Impact* +
135+
To avoid deprecation warnings, either:
136+
137+
* Explicitly set `xpack.security.transport.ssl.enabled` as `false`
138+
* Discontinue use of other `xpack.security.transport.ssl` settings
139+
140+
If you want to enable SSL, follow the instructions to
141+
{ref}/configuring-tls.html#tls-transport[encrypt communications between nodes]. As part of this configuration, explicitly set
142+
`xpack.security.transport.ssl.enabled` as `true`.
143+
144+
For example:
145+
[source,yaml]
146+
--------------------------------------------------
147+
xpack.security.transport.ssl.enabled: true <1>
148+
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
149+
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
150+
--------------------------------------------------
151+
<1> or `false`.
152+
====
153+
154+
[[tls-ssl-http-enabled-required]]
155+
.The `xpack.security.http.ssl.enabled` setting will be required to configure `xpack.security.http.ssl` settings.
156+
[%collapsible]
157+
====
158+
*Details* +
159+
Configuring any SSL settings for `xpack.security.http.ssl` without also
160+
configuring `xpack.security.http.ssl.enabled` generates warnings in the
161+
deprecation log. In 8.0, this configuration will result in errors.
162+
163+
*Impact* +
164+
To avoid deprecation warnings, either:
165+
166+
* Explicitly set `xpack.security.http.ssl.enabled` as `false`
167+
* Discontinue use of other `xpack.security.http.ssl` settings
168+
169+
If you want to enable SSL, follow the instructions to
170+
{ref}/configuring-tls.html#tls-http[encrypt HTTP client communications for {es}]. As part
171+
of this configuration, explicitly set `xpack.security.http.ssl.enabled`
172+
as `true`.
173+
174+
For example:
175+
[source,yaml]
176+
--------------------------------------------------
177+
xpack.security.http.ssl.enabled: true <1>
178+
xpack.security.http.ssl.certificate: elasticsearch.crt
179+
xpack.security.http.ssl.key: elasticsearch.key
180+
xpack.security.http.ssl.certificate_authorities: [ "corporate-ca.crt" ]
181+
--------------------------------------------------
182+
<1> or `false`.
183+
====
184+
185+
[[tls-ssl-transport-cert-required]]
186+
.A `xpack.security.transport.ssl` certificate and key will be required to enable SSL for the transport interface.
187+
[%collapsible]
188+
====
189+
*Details* +
190+
Enabling SSL for the transport interface without also configuring a certificate
191+
and key through use of the `xpack.security.transport.ssl.keystore.path`
192+
setting or the `xpack.security.transport.ssl.certificate` and
193+
`xpack.security.transport.ssl.key` settings generates warnings in the
194+
deprecation log. In 8.0, this configuration will result in errors.
195+
196+
*Impact* +
197+
If `xpack.security.transport.ssl.enabled` is set to `true`, provide a
198+
certificate and key using the `xpack.security.transport.ssl.keystore.path`
199+
setting or the `xpack.security.transport.ssl.certificate` and
200+
`xpack.security.transport.ssl.key` settings. If a certificate and key is not
201+
provided, {es} will generate warnings in the deprecation log.
202+
====
203+
204+
[[tls-ssl-http-cert-required]]
205+
.A `xpack.security.http.ssl` certificate and key will be required to enable SSL for the HTTP layer.
206+
[%collapsible]
207+
====
208+
*Details* +
209+
Enabling SSL for the HTTP layer without also configuring a certificate and key
210+
through use of the `xpack.security.http.ssl.keystore.path` setting or
211+
the `xpack.security.http.ssl.certificate` and `xpack.security.http.ssl.key`
212+
settings generates warnings in the deprecation log. In 8.0, this configuration
213+
will result in errors.
214+
215+
*Impact* +
216+
If `xpack.security.http.ssl.enabled` is set to `true`, provide a
217+
certificate and key using the `xpack.security.http.ssl.keystore.path`
218+
setting or the `xpack.security.http.ssl.certificate` and
219+
`xpack.security.http.ssl.key` settings. If a certificate and key is not
220+
provided, {es} will generate warnings in the deprecation log.
221+
====
222+
120223
[discrete]
121224
[[breaking_78_settings_changes]]
122225
=== Settings changes

0 commit comments

Comments
 (0)