Getting Vulnerability for the Elastic 9200 SSL/TLS

Hello,

I am using Elasticsearch version 7.10.2. For a security assessment we scanned it with the Greenbone vulnerability scanner, but after scanning we are getting the following SSL/TLS finding:

SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability

Any suggestions on how to overcome this vulnerability?



I would presume that this is related to the key(s) you're using for TLS - you'll need to generate a key with a bigger key size (or use something other than DH, e.g. elliptic curves) and use that?

Thanks for the reply,

Here I am using the following commands to create the certs for Elasticsearch:

mkdir /etc/elasticsearch/certs

cd /etc/elasticsearch/certs

curl -so ~/

unzip ~/ -d ~/searchguard

curl -so ~/searchguard/search-guard.yml

~/searchguard/tools/ -c ~/searchguard/search-guard.yml -ca -crt -t /etc/elasticsearch/certs/
The above process creates the certs for Elasticsearch. In which file do we need to change the key size to a bigger one?

If possible, can you please provide some example/reference link to check?
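
An added example, not part of the original thread and not Greenbone's or Elasticsearch's code: the "DH Group Strength" in the finding is the size of the Diffie-Hellman prime a server sends in its TLS 1.2 ServerKeyExchange message, and this Python parser reads that structure and flags small groups. The 2048-bit threshold, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

MIN_DH_BITS = 2048  # assumed threshold; set it to what your scan policy requires


def parse_server_dh_params(body: bytes) -> dict:
    """Parse ServerDHParams (RFC 5246, section 7.4.3) from a ServerKeyExchange body.

    Layout: dh_p, dh_g, dh_Ys, each an opaque vector with a 2-byte length prefix.
    """
    fields, offset = {}, 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before length of {name}")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"bad length for {name}")
        fields[name] = int.from_bytes(body[offset:offset + length], "big")
        offset += length
    fields["signature_offset"] = offset  # the signature over the params follows
    return fields


def dh_group_bits(body: bytes) -> int:
    """Size of the DH group: bit length of the prime modulus dh_p."""
    return parse_server_dh_params(body)["dh_p"].bit_length()


def is_weak_group(body: bytes, min_bits: int = MIN_DH_BITS) -> bool:
    return dh_group_bits(body) < min_bits


def build_sample(prime_bits: int) -> bytes:
    """Constructed sample: an odd number of the given size stands in for a real prime."""
    values = ((1 << (prime_bits - 1)) | 1, 2, 3)  # dh_p, dh_g, dh_Ys placeholders
    out = b""
    for value in values:
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


if __name__ == "__main__":
    for bits in (1024, 2048):
        sample = build_sample(bits)
        print(bits, dh_group_bits(sample), "WEAK" if is_weak_group(sample) else "ok")
```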