Update Documentation - TLS configuration of the Elastic Package Registry

Question

Update Documentation - TLS configuration of the Elastic Package Registry

Closed this issue 4 months ago · 4 comments

Request to update This doc which includes information about TLS configuration of the Elastic Package Registry. However, we don't see anything specific about the TLS version settings.

To force >= 1.2, Package Registry needs to be run with EPR_TLS_MIN_VERSION=1.2.

Answer 1 · 2024-09-03T12:55:32.000Z

@kilfoyle - FYI I transferred this from package-registry to ingest-docs. @jsoriano can you confirm the above note about TLS versions is relevant + accurate and add anything else that we might need to get these docs updated?

Answer 2 · 2024-09-03T13:44:58.000Z

We might say that Package Registry supports min TLS from 1.0 to 1.3, and defaults to 1.0.
In the next release the default will change to 1.2. It relies for defaults on the Go implementation https://pkg.go.dev/crypto/tls#Config.

Answer 3 · 2024-09-03T14:47:57.000Z

Thanks @jsoriano! I've opened #1280 to add this to the docs.

In the next release the default will change to 1.2.

Will this be for 8.16? If so, I'll open a separate PR for that.

Answer 4 · 2024-09-03T16:27:41.000Z

@kharsalan Thanks for reporting this! The page you mentioned will be updated via #1280