The fix has been rolled out to all regions. We are monitoring the situation and if we do not see any further issues we will close the incident in 30 minutes.
Posted Oct 08, 2020 - 17:37 UTC
Update
As we’ve been making changes to disable TLS < 1.2 we found that there was a missing set of supported cipher suites: ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA
We were able to determine that this change affected less than 1% of overall traffic and the majority of clients are not affected.
Engineers are actively pushing a fix to correct the issue. We will post a follow up shortly as we make progress.
If you’re having issues around TLS negotiation or affected by the problem, please reach out to support@elastic.co.
Posted Oct 08, 2020 - 17:09 UTC
Investigating
As we’ve been making changes to disable TLS < 1.2 we have had reports of issues with TLS connections to clusters. We found that there was a change to the cipher suites that was inadvertently included in the changes we were rolling out and we are working on deploying a fix to correct the problem. As we work on the issue, we will post updates as we make progress.