실행확인
elasticsearch@5f61a9282584:/usr/share$ curl --cacert /usr/share/elasticsearch/config/certs/http_ca.crt -u elastic https://localhost:9200
응답이 아래와 같음....정상적이지 않다.
Enter host password for user 'elastic':
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
아래 참고글을 읽으며 ES랑 Kibana 서버에서 실행한 결과는 동일했다.
elasticsearch@5f61a9282584:/usr/share$ openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1
TLSv1.2
TLSv1.3
elasticsearch@5f61a9282584:/usr/share$ openssl ciphers -v | awk '{print $2, $1}' | sort -u
SSLv3 AES128-SHA
SSLv3 AES256-SHA
SSLv3 DHE-PSK-AES128-CBC-SHA
SSLv3 DHE-PSK-AES256-CBC-SHA
SSLv3 DHE-RSA-AES128-SHA
SSLv3 DHE-RSA-AES256-SHA
SSLv3 PSK-AES128-CBC-SHA
SSLv3 PSK-AES256-CBC-SHA
SSLv3 RSA-PSK-AES128-CBC-SHA
SSLv3 RSA-PSK-AES256-CBC-SHA
SSLv3 SRP-AES-128-CBC-SHA
SSLv3 SRP-AES-256-CBC-SHA
SSLv3 SRP-RSA-AES-128-CBC-SHA
SSLv3 SRP-RSA-AES-256-CBC-SHA
TLSv1 DHE-PSK-AES128-CBC-SHA256
TLSv1 DHE-PSK-AES256-CBC-SHA384
TLSv1 ECDHE-ECDSA-AES128-SHA
TLSv1 ECDHE-ECDSA-AES256-SHA
TLSv1 ECDHE-PSK-AES128-CBC-SHA
TLSv1 ECDHE-PSK-AES128-CBC-SHA256
TLSv1 ECDHE-PSK-AES256-CBC-SHA
TLSv1 ECDHE-PSK-AES256-CBC-SHA384
TLSv1 ECDHE-RSA-AES128-SHA
TLSv1 ECDHE-RSA-AES256-SHA
TLSv1 PSK-AES128-CBC-SHA256
TLSv1 PSK-AES256-CBC-SHA384
TLSv1 RSA-PSK-AES128-CBC-SHA256
TLSv1 RSA-PSK-AES256-CBC-SHA384
TLSv1.2 AES128-GCM-SHA256
TLSv1.2 AES128-SHA256
TLSv1.2 AES256-GCM-SHA384
TLSv1.2 AES256-SHA256
TLSv1.2 DHE-PSK-AES128-GCM-SHA256
TLSv1.2 DHE-PSK-AES256-GCM-SHA384
TLSv1.2 DHE-PSK-CHACHA20-POLY1305
TLSv1.2 DHE-RSA-AES128-GCM-SHA256
TLSv1.2 DHE-RSA-AES128-SHA256
TLSv1.2 DHE-RSA-AES256-GCM-SHA384
TLSv1.2 DHE-RSA-AES256-SHA256
TLSv1.2 DHE-RSA-CHACHA20-POLY1305
TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
TLSv1.2 ECDHE-ECDSA-AES128-SHA256
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
TLSv1.2 ECDHE-ECDSA-AES256-SHA384
TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
TLSv1.2 ECDHE-RSA-AES128-SHA256
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
TLSv1.2 ECDHE-RSA-AES256-SHA384
TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
TLSv1.2 PSK-AES128-GCM-SHA256
TLSv1.2 PSK-AES256-GCM-SHA384
TLSv1.2 PSK-CHACHA20-POLY1305
TLSv1.2 RSA-PSK-AES128-GCM-SHA256
TLSv1.2 RSA-PSK-AES256-GCM-SHA384
TLSv1.2 RSA-PSK-CHACHA20-POLY1305
TLSv1.3 TLS_AES_128_GCM_SHA256
TLSv1.3 TLS_AES_256_GCM_SHA384
TLSv1.3 TLS_CHACHA20_POLY1305_SHA256
elasticsearch@5f61a9282584:/$ openssl version
OpenSSL 1.1.1f 31 Mar 2020
elasticsearch@5f61a9282584:/$ curl --cacert /usr/share/elasticsearch/config/certs/http_ca.crt -u elastic https://localhost:9200/_cluster/health
Enter host password for user 'elastic':
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
elasticsearch@5f61a9282584:/$
참고)
https://caingwiz.tistory.com/58
[ Apache-Error ] SSL3_GET_RECORD:wrong version number(OpenSSL)
2020년 브라우저 vendor사 TLS Protocol 규제에 따른 사이드 이펙트로 인한 특정 서버들의 OS버전업/JDK버전업/OpenSSL프로토콜 버전업이 이루어졌다. 이로 인한 여러 오류들을 확인 할 수 있었으며, WEB영
caingwiz.tistory.com
'Infra > 검색엔진' 카테고리의 다른 글
| 용어 정리 (0) | 2023.10.31 |
|---|---|
| EL 구조 (0) | 2023.10.27 |
| EL 에서 데이터 입력/조회/삭제/업데이트 테스트 (0) | 2023.10.27 |
| EL과 RDB 비교 (0) | 2023.10.27 |
| kibana 설치하기 (8.7.0) (0) | 2023.08.30 |
댓글