Remove all fallback in SSL settings #29797
Assignees
Labels
Comments
jaymode
added a commit
to jaymode/elasticsearch
that referenced
this issue
Dec 13, 2018
This commit removes the fallback for SSL settings. While this may be seen as a non user friendly change, the intention behind this change is to simplify the reasoning needed to understand what is actually being used for a given SSL configuration. Each configuration now needs to be explicitly specified as there is no global configuration or fallback to some other configuration. Closes elastic#29797
jaymode
added a commit
that referenced
this issue
Jan 14, 2019
This commit removes the fallback for SSL settings. While this may be seen as a non user friendly change, the intention behind this change is to simplify the reasoning needed to understand what is actually being used for a given SSL configuration. Each configuration now needs to be explicitly specified as there is no global configuration or fallback to some other configuration. Closes #29797
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Original comment by @jaymode:
The use of fallback in the SSL settings for x-pack security and shield has always been a bit of a nightmare in my opinion (I think @rjernst would agree) and causes confusion for users. While it seems like it is a good idea at first to just fall back to one config, there are issues where maybe this is not what is desired and we're kind of guessing that this is what the user wants. Additionally, this complicates a lot of code and sometimes the code is hard to reason about due to this.
For 7.0 we should remove any sense of fallback for SSL completely and require the settings to be configured explicitly for everything that needs it. If you need SSL for a ldap realm, configure ssl for the ldap realm; ssl for a monitoring exporter, configure it there; etc.
The text was updated successfully, but these errors were encountered: