[Fleet Server] Document how to change SSL/TLS settings of Fleet Server input #3573
Description
I struggle to see a documentation about how to change the SSL/TLS settings for the Fleet Server "input". The only page detailing the Fleet Server settings is https://www.elastic.co/docs/reference/fleet/fleet-server-scalability, but it doesn't mention SSL/TLS settings.
- We should document the page to edit the Fleet Server settings:
Those settings render to:
- id: fleet-server-fleet_server-8a46a78e-25cc-4564-9705-ebe9371a2515
name: fleet_server-2
revision: 2
type: fleet-server
use_output: default
meta:
package:
name: fleet_server
version: 1.6.0
data_stream:
namespace: default
package_policy_id: 8a46a78e-25cc-4564-9705-ebe9371a2515
unused_key: not_used
server:
runtime:
gc_percent: 20
ssl:
enabled: true
cipher_suites:
- ECDHE-RSA-AES-256-GCM-SHA384
- ECDHE-RSA-AES-128-GCM-SHA256
- ECDHE-ECDSA-AES-256-GCM-SHA384
- ECDHE-ECDSA-AES-128-GCM-SHA256
supported_protocols:
- TLSv1.2
-
We should warn about the risks of tweaking such settings, whcih can cause all the connected Elastic Agents to fail check-in in. We already do in few pages such as here
-
We should also check and document how to provide the similar settings since the Fleet Server via CLI, telling if there are CLI Flags to provide the cipher suites and supported protocols in https://www.elastic.co/docs/reference/fleet/secure-connections