Version: Search Guard 5 / This is an older version of Search Guard. Switch to Latest version
OpenSSL setup
Search Guard supports OpenSSL. Using OpenSSL will result in better performance and better support for strong and modern cipher suites when compared JCE. We recommend to use OpenSSL for production systems.
Enabling OpenSSL
Dynamically linked
(Open SSL and Apache Portable Runtime (apr) needs to be installed)
-
If you are on Alpine Linux please refer to this post. We recommend to use our statically linked version below because Alpine comes normally with LibreSSL instead of OpenSSL installed. LibreSSL may work but is not officially supported and untested. Also make sure you have installed ‘libuuid’ on Alpine accoring to this post
-
Open SSL on Windows may work but is not officially supported and untested. Refer to netty-tcnative wiki for more infos.
- Install latest 1.0.2 OpenSSL version on every node (1.0.1 does also work but is outdated and may lack hostname validation functionality). OpenSSL 1.1.x is not supported currently.
- Install APR - Apache Portable Runtime on every node
- https://apr.apache.org
- On Debian/Ubuntu, Apache Portable Runtime can be installed with
sudo apt-get install libapr1
- On RHEL/CentOS/Fedora, Apache Portable Runtime can be installed with
sudo yum install apr
- Download netty-tcnative for your platform and Search Guard version
- Linux (non fedora based):
_linux-x86_64.jar_
(Debian, Ubuntu, …) - Fedora based linux:
_linux-x86_64-fedora.jar_
(RHEL, CentOS, Fedora) - Mac:
_osx-x86_64.jar_
- Windows:
_windows-x86_64.jar_
- Alpine: Compile it yourself (or use statically linked version below)
- Linux (non fedora based):
- Search Guard 5.4.1 and higher (Open SSL 1.0.2):
- Version: 2.0.5.Final (compiled against Open SSL 1.0.2 which supports hostname validation)
- Download for Debian/Ubuntu
- Download for CentOS/RHEL/Fedora
- Put it into the elasticsearch
plugins/search-guard-5/
folder on every node
- Search Guard 5.4.1 and higher (Open SSL 1.0.1):
- Version: 2.0.5.Final (compiled against Open SSL 1.0.1 which lacks hostname validation)
- http://repo1.maven.org/maven2/io/netty/netty-tcnative/2.0.5.Final
- Choose the correct version for you platform, one of
_linux-x86_64.jar_
,_linux-x86_64-fedora.jar_
,_osx-x86_64.jar_
or_windows-x86_64.jar_
- Put it into the elasticsearch
plugins/search-guard-5/
folder on every node
- Search Guard 5.4.0 (Open SSL 1.0.2): (2.0.0.Final has known bugs and memory leaks!!)
- Version: 2.0.0.Final (compiled against Open SSL 1.0.2 which supports hostname validation)
- Download for Debian/Ubuntu
- Download for CentOS/RHEL/Fedora
- Put it into the elasticsearch
plugins/search-guard-5/
folder on every node
- Search Guard 5.4.0 (Open SSL 1.0.1): (2.0.0.Final has known bugs and memory leaks!!)
- Version: 2.0.0.Final (compiled against Open SSL 1.0.1 which lacks hostname validation)
- http://repo1.maven.org/maven2/io/netty/netty-tcnative/2.0.0.Final
- Choose the correct version for you platform, one of
_linux-x86_64.jar_
,_linux-x86_64-fedora.jar_
,_osx-x86_64.jar_
or_windows-x86_64.jar_
- Put it into the elasticsearch
plugins/search-guard-5/
folder on every node
- Search Guard 5.2/5.3:
- Version: 1.1.33.Fork25
- http://repo1.maven.org/maven2/io/netty/netty-tcnative/1.1.33.Fork25
- Choose the correct version for you platform, one of
_linux-x86_64.jar_
,_linux-x86_64-fedora.jar_
,_osx-x86_64.jar_
or_windows-x86_64.jar_
- Put it into the elasticsearch
plugins/search-guard-5/
folder on every node
- Search Guard 5.0/5.1:
- Version: 1.1.33.Fork23
- http://repo1.maven.org/maven2/io/netty/netty-tcnative/1.1.33.Fork23
- Choose the correct version for you platform, one of
_linux-x86_64.jar_
,_linux-x86_64-fedora.jar_
,_osx-x86_64.jar_
or_windows-x86_64.jar_
- Search Guard 2:
- Version: 1.1.33.Fork17
- http://repo1.maven.org/maven2/io/netty/netty-tcnative/1.1.33.Fork17/
- Choose the correct version for you platform, one of
_linux-x86_64.jar_
,_linux-x86_64-fedora.jar_
,_osx-x86_64.jar_
or_windows-x86_64.jar_
- Put it into the elasticsearch
plugins/searchguard-ssl/
folder on every node
If you update the plugin (or re-install it after removal) don’t forget to add netty-tcnative .jar again
Statically linked (Linux only)
(Does not need Open SSL/Apache Portable Runtime (apr) to be installed on the server)
- Search Guard 5.4.1 and higher:
- Search Guard 5.4.0: (2.0.0.Final has known bugs and memory leaks!!)
- Search Guard 5.2/5.3:
- Search Guard 5.0/5.1:
- Search Guard 2:
Put it into the elasticsearch plugins/search-guard-ssl/
or plugins/search-guard-5/
folder on every node
If you update the plugin (or re-install it after removal) don’t forget to add netty-tcnative .jar again
LibreSSL
May work well but not officially supported. We have a few static builds here but only consider to use them if you run in trouble with OpenSSL.
BoringSSL
May work well but not officially supported. Binaries are provided here by the netty project.