Description
I'm using 0.21.pre4 against ES 7.1.0. TLS negotiation fails with 'no cipher suites in common'.
Looking at docs, the default cipher set for Java/elastic, even with the 'stronger' crypto modules enabled, doesn't include any GCM modes, mostly various bit-lengths of AES CBC modes. Meanwhile, rustls only includes ciphers with PFS, so there's nothing in common. Notionally I can add those to ES by editing config and digging through ES and Oracle doc links to find magic strings.
But the net result is that the elastic crate in default config won't talk to elasticsearch in default config with TLS, and that's probably not desirable, as much as we'd prefer to have stronger ciphers used.
Workaround is instead to pull in `reqwest` directly in my own `Cargo.toml` to add back the default feature, so it links against `native-tls` (openssl) again.