Add TLS 1.3 Support #26379
Comments
kobelb
added
Team:Security
|
Pinging @elastic/kibana-security |
|
Please note that updating OpenSSL 1.1.1 and supporting TLSv1.3 are two seperate steps. We are close to 1.1.1, but TLSv1.3 behaves differently enough from v1.2 that it does not currently work. |
|
Gotcha, thanks for the heads up @sam-github, I should have read nodejs/node#21304 more closely. Is there another issue that we should be tracking for the TLSv1.3 support? |
|
nodejs/node#18770 is the one to follow. When openssl1.1.1a lands, work will continue, as will conversation, somewhere, not sure where, but a note will be posted in 18770 pointing where to go to follow along. |
|
Fantastic, thanks so much @sam-github! |
|
@kobelb bump as node is ready |
|
This upgrade will be required by Fleet. We need the faster TLS handshake to reach our performance goals |
|
I could be wrong, but based on the docs and quick testing on my end, Node @elastic/kibana-operations do we have plans to bump Node to version 11 or beyond in the near future? |
|
I can confirm, 10.x does not support TLS1.3, and is unlikely to. Backporting was pretty hard. 11.x is EOL, I'd suggest not using it. 12.x has TLS1.3, and will go into LTS on Oct 22nd, 2019, but you can start using it now. |
Once NodeJS updates to OpenSSL 1.1.1 and TLS 1.3 is supported, we should add support in Kibana and have it enabled by default. The following issue tracks the the OpenSSL 1.1.1 support nodejs/node#18770.
The text was updated successfully, but these errors were encountered: