OpenSSL wrong version

SoEgal · December 13, 2024, 2:48pm

2.12.0

I installed Ubuntu24.04 Desktop, Apache2, PHP8.3, MySql & phpMyAdmin.

Now I wanted to install OpenSearch 2.12.0

All is fine and it seams it’s running,

● opensearch.service - OpenSearch
     Loaded: loaded (/usr/lib/systemd/system/opensearch.service; enabled; preset: enabled)
     Active: active (running) since Fri 2024-12-13 15:02:32 CET; 5min ago
       Docs: https://opensearch.org/
   Main PID: 63367 (java)
      Tasks: 75 (limit: 9202)
     Memory: 1.3G (peak: 1.3G)
        CPU: 57.703s
     CGroup: /system.slice/opensearch.service
             └─63367 /usr/share/opensearch/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.

but if I ask for

curl -X GET https://localhost:9200 -u 'MYPASSWORD' --insecure

I get the output

curl: (35) OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number

I used at opensearch.yml all editing I did at my Ubuntu24.04 V-Server, without SSL.

cluster.name: mycluster
node.name: ${HOSTNAME}
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
plugins.security.ssl.http.enabled: true
plugins.security.disabled: true

Do I have to install something more or are these security editings not correct? I tried all combinations of false and true.

What can I do?

Thanks in advance.

pablo · December 13, 2024, 8:46pm

@SoEgal Do you want to secure the connection to the cluster?
If so you need to configure certificates as per documentation.

SoEgal · December 14, 2024, 8:50am

Hello @pablo,

thanks for your reply.
I’m truly. I don’t know something about clusters and nodes. The only need is a search to install an online shop. My next question would be, if I need this this (clusters and nodes) to edit. I’m happy, that I get OpenSearch to run, but don’t know about the functionality.
I’m testing many edits, look if I have error messages and try to solve it. Many said to illustrate the situation.

I only want to get basic settings that it run save and secured. I don’t want to be open for attacks.

For this situation, could you tell me the editings in opensearch.yml and opensearch-dashboard.yml please?

The tsl settings I can’t realize at this point. My server has no ssl yet and my home-server is not online. I only need it for testing, at the moment.
If I go online, I’ll look for the tsl-configuration, if I need it for my using?

Thank you.

pablo · December 16, 2024, 10:13am

@SoEgal The shared curl output is expected.

By setting this option to false, you’ve disabled the security plugin in OpenSearch.
As a result, the curl must use HTTP instead of HTTPS.

If you’d like to secure your cluster, you could consider a docker compose deployment. The images of OpenSearch already contain self-signed certificates.
You can find working docker compose example in OpenSearch documentation.

Please set the admin password before running the docker compose as per documentation.

Topic		Replies	Views
Can't curl to opensearch server; wrong version number OpenSearch troubleshoot	4	1452	March 20, 2024
Error in OpenSearch SSL Configuration Security configure	3	2688	March 25, 2022
Opensearch configuration OpenSearch configure , install , security-issue	4	1161	June 16, 2023
Ssl3_get_record:wrong version error in opensearch-dashboards pod OpenSearch troubleshoot , install , security-issue	3	5884	November 9, 2023
Issue with OpenSearch dashboard TLS Configuration Security troubleshoot	14	2141	June 1, 2023

OpenSSL wrong version

Related topics