I am using the Elasticsearch version 7.10.2 .For security assessment we have scanned with the Green bone Vulnerability scanner,but after scanning getting with the SSL.TLS as
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability
Any suggestion ,how to overcome this vulnerability.
i would presume that this is related to the key(s) you’re using for TLS - you’ll need to generate a key with a bigger key size (or use something other than DH, e.g. elliptic curves) and use that?
~/searchguard/tools/sgtlstool.sh -c ~/searchguard/search-guard.yml -ca -crt -t /etc/elasticsearch/certs/
By the above process the certs for elasticsearch is creating ,here which file we need to changes the keysize to bigger.
If possible can you please provide some example/ref link to check on it