Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't implicitly enable security when TLS is enabled #38009

Closed
tvernum opened this issue Jan 30, 2019 · 2 comments

Comments

Projects
None yet
2 participants
@tvernum
Copy link
Contributor

commented Jan 30, 2019

Because TLS is currently considered part of the security feature, we currently assume that if you enable TLS (e.g. xpack.security.transport.ssl.enabled: true) then you are opting-in to security features, and security is automatically enabled, even on trial license (where it is otherwise off by default).

We want to break the link between TLS and other security features (authc/authz), so we should stop doing this in 7.0

We should also deprecate this behaviour for 6.7

@elasticmachine

This comment has been minimized.

Copy link

commented Jan 30, 2019

tvernum added a commit that referenced this issue Feb 1, 2019

Remove heuristics that enable security on trial licenses (#38075)
In 6.3 trial licenses were changed to default to security
disabled, and ee added some heuristics to detect when security should
be automatically be enabled if `xpack.security.enabled` was not set.

This change removes those heuristics, and requires that security be
explicitly enabled (via the `xpack.security.enabled` setting) for
trial licenses.

Relates: #38009

tvernum added a commit to tvernum/elasticsearch that referenced this issue Feb 4, 2019

Deprecate implicit security on trial licenses
In 6.x security is implicitly enabled on a trial license if transport
SSL is enabled, or the trial is from pre-6.3.

This is no longer true on 7.0, so this behaviour is now deprecated.

Relates: elastic#38009, elastic#38075

tvernum added a commit that referenced this issue Feb 5, 2019

Deprecate implicit security on trial licenses (#38295)
In 6.x security is implicitly enabled on a trial license if transport
SSL is enabled, or the trial is from pre-6.3.

This is no longer true on 7.0, so this behaviour is now deprecated.

Relates: #38009, #38075
@tvernum

This comment has been minimized.

Copy link
Contributor Author

commented Feb 5, 2019

Resolved by #38075 and #38295

@tvernum tvernum closed this Feb 5, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.