I am using Elasticsearch version 7.10.2. For a security assessment we scanned it with the Greenbone vulnerability scanner, but after scanning we are getting the following SSL/TLS finding:
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability
Any suggestions on how to overcome this vulnerability?
I would presume that this is related to the key(s) you’re using for TLS - you’ll need to generate a key with a bigger key size (or use something other than DH, e.g. elliptic curves) and use that?
Thanks for the reply.
Here I am using the following commands to create the certs for Elasticsearch:
curl -so ~/search-guard-tlstool-1.8.zip https://maven.search-guard.com/search-guard-tlstool/1.8/search-guard-tlstool-1.8.zip
unzip ~/search-guard-tlstool-1.8.zip -d ~/searchguard
curl -so ~/searchguard/search-guard.yml https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.0/resources/open-distro/searchguard/search-guard-aio.yml
~/searchguard/tools/sgtlstool.sh -c ~/searchguard/search-guard.yml -ca -crt -t /etc/elasticsearch/certs/
With the above process the certs for Elasticsearch are created. In which file do we need to change the key size to a bigger one?
If possible, can you please provide an example/reference link to check?
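
An added example, not part of the original thread and not Elasticsearch or Wazuh code, following the reply's suggestion to use something other than DH: it reads the enabled cipher suite list from an elasticsearch.yml fragment and separates the finite-field Diffie-Hellman suites from the rest. It assumes the Open Distro security plugin setting `opendistro_security.ssl.http.enabled_ciphers`; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed elasticsearch.yml fragment (not from the original post).
# Assumption: Open Distro security plugin, HTTP-layer cipher suite list.
SAMPLE_YML = '''\
opendistro_security.ssl.http.enabled_ciphers:
  - "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
opendistro_security.ssl.http.enabled_protocols:
  - "TLSv1.2"
'''

# Key-exchange family, recognised by JSSE cipher suite name prefix.
_KX = [
    (r"^(TLS|SSL)_DHE_", "ffdhe"),   # ephemeral finite-field DH
    (r"^(TLS|SSL)_DH_", "ffdh"),     # static or anonymous finite-field DH
    (r"^TLS_ECDHE_", "ecdhe"),       # ephemeral elliptic-curve DH
    (r"^TLS_ECDH_", "ecdh"),         # static elliptic-curve DH
    (r"^(TLS|SSL)_RSA_", "rsa"),     # RSA key transport, no DH involved
]

def key_exchange(suite):
    """Return the key-exchange family encoded in a JSSE cipher suite name."""
    for pattern, family in _KX:
        if re.match(pattern, suite):
            return family
    return "other"

def list_under_key(yml_text, key):
    """Read a simple block list under `key:` without needing a YAML library."""
    items, inside = [], False
    for line in yml_text.splitlines():
        if not line.strip() or line.strip().startswith("#"):
            continue
        if not line.startswith((" ", "\t")):   # a new top-level key starts
            inside = line.split(":", 1)[0].strip() == key
        elif inside and line.strip().startswith("- "):
            items.append(line.strip()[2:].strip().strip("\"'"))
    return items

def audit_dh(yml_text, key="opendistro_security.ssl.http.enabled_ciphers"):
    """Split the configured suites into finite-field DH ones and the rest."""
    suites = list_under_key(yml_text, key)
    flagged = [s for s in suites if key_exchange(s) in ("ffdhe", "ffdh")]
    kept = [s for s in suites if s not in flagged]
    return {"flagged": flagged, "kept": kept}
```

Calling `audit_dh(SAMPLE_YML)` returns the suites to drop under `flagged` and the list to leave enabled under `kept`; re-running the scan after the change confirms whether the finding is gone.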