Getting Vulnerability for the Elastic 9200 SSL/TLS

Hello,

I am using Elasticsearch version 7.10.2. For a security assessment we scanned it with the Greenbone Vulnerability scanner, but after scanning we are getting the following SSL/TLS finding:

SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability

Any suggestions on how to overcome this vulnerability?

Thanks,


I would presume that this is related to the key(s) you’re using for TLS - you’ll need to generate a key with a bigger key size (or use something other than DH, e.g. elliptic curves) and use that?

Thanks for the reply,

Here I am using the following commands to create the certs for Elasticsearch:

mkdir /etc/elasticsearch/certs

cd /etc/elasticsearch/certs

curl -so ~/search-guard-tlstool-1.8.zip https://maven.search-guard.com/search-guard-tlstool/1.8/search-guard-tlstool-1.8.zip

unzip ~/search-guard-tlstool-1.8.zip -d ~/searchguard

curl -so ~/searchguard/search-guard.yml https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.0/resources/open-distro/searchguard/search-guard-aio.yml

~/searchguard/tools/sgtlstool.sh -c ~/searchguard/search-guard.yml -ca -crt -t /etc/elasticsearch/certs/

With the above process the certs for Elasticsearch are created. In which file do we need to change the key size to a bigger one?

If possible, can you please provide an example or reference link to check?

Thanks…
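
The scanner finding refers to the ephemeral Diffie-Hellman group the server offers during the TLS handshake, which `openssl s_client` reports on its `Server Temp Key` line. The following is an added example, not part of the thread: a shell check that classifies that line. The host name, the 2048-bit threshold and the sample outputs are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify the ephemeral key reported by `openssl s_client`.
# Live capture (host name is a placeholder), forcing a DHE suite on TLS 1.2:
#   openssl s_client -connect es-host.example:9200 -tls1_2 -cipher 'DHE' \
#       </dev/null 2>/dev/null | check_temp_key

MIN_DH_BITS=2048   # assumed threshold; set it to your scanner's policy

# Reads s_client output on stdin and prints a one-line verdict.
# Return codes: 0 = acceptable, 1 = weak DH group, 2 = no ephemeral key seen.
check_temp_key() {
    local line kind bits
    line=$(grep -m1 '^Server Temp Key:' || true)
    if [ -z "$line" ]; then
        # Handshake failed or the server negotiated no DHE/ECDHE suite
        # (for example because DHE suites are disabled).
        echo "NO_TEMP_KEY"
        return 2
    fi
    # "Server Temp Key: DH, 1024 bits" or "Server Temp Key: ECDH, P-256, 256 bits"
    kind=$(printf '%s\n' "$line" | sed -E 's/^Server Temp Key: ([^,]+),.*/\1/')
    bits=$(printf '%s\n' "$line" | sed -E 's/.*, ([0-9]+) bits.*/\1/')
    if [ "$kind" = "DH" ] && [ "$bits" -lt "$MIN_DH_BITS" ]; then
        echo "WEAK DH $bits"
        return 1
    fi
    echo "OK $kind $bits"
    return 0
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_WEAK='Peer signing digest: SHA256
Server Temp Key: DH, 1024 bits
---'
SAMPLE_ECDHE='Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---'

printf '%s\n' "$SAMPLE_WEAK"  | check_temp_key || true
printf '%s\n' "$SAMPLE_ECDHE" | check_temp_key || true
```

Running the live capture before and after a TLS configuration change shows whether the group size the scanner sees has actually changed.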