elastic · jbudz · Jan 6, 2025
@@ -12,4 +12,4 @@
 --dns-result-order=ipv4first
 
 ## enable OpenSSL 3 legacy provider
---openssl-legacy-provider
+#--openssl-legacy-provider
diff --git a/docs/user/production-considerations/production.asciidoc b/docs/user/production-considerations/production.asciidoc
@@ -123,7 +123,5 @@ The option accepts a limit in MB:
 [[openssl-legacy-provider]]
 === OpenSSL Legacy Provider
 
-Starting in 8.10.0, {kib} has upgraded its runtime environment, Node.js, from version 16 to version 18 and with it the underlying version of OpenSSL to version 3.
-Algorithms deemed legacy by OpenSSL 3 have been re-enabled to avoid potential breaking changes in a minor version release of {kib}.
-If SSL certificates configured for {kib} are not using any of the legacy algorithms mentioned in the https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html[OpenSSL legacy provider documentation],
-we recommend disabling this setting by removing `--openssl-legacy-provider` in the `node.options` config file.
+If SSL certificates configured for {kib} are using any of the legacy algorithms mentioned in the https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html[OpenSSL legacy provider documentation],
+`--openssl-legacy-provider` can be set in the `node.options` config file.
@@ -171,9 +171,6 @@ COPY --chown=1000:0 config/kibana.yml /usr/share/kibana/config/kibana.yml
 {{#serverless}}
 ENV PROFILER_SIGNAL=SIGUSR1
 {{/serverless}}
-{{^opensslLegacyProvider}}
-RUN sed 's/\(--openssl-legacy-provider\)/#\1/' -i config/node.options
-{{/opensslLegacyProvider}}
 
 # Add the launcher/wrapper script. It knows how to interpret environment
 # variables and translate them to Kibana CLI options.