SSL Elasticsearch

Elasticsearch by default does not support SSL on its transport layer, so that would be something you would have to add yourself. This requires new code on both the server and client side.

Fortunately, Elasticsearch is very modular at its source code, so it's possible to swap out the transport implementations rather easily by just adding one line to the configuration file.

Unfortunately, Elasticsearch uses a lot of private fields and methods that make it hard to just add a new feature to their existing implementation without re-implementing it all or copy/pasting large amounts of code. Additionally, Elasticsearch shades their Netty-includes and skips classes they don't use, which means that you have to include the required SSL+helper classes from a compatible Netty version yourself.

Found, a hosted Elasticsearch provider which has full SSL support using the Java transport client does this using this open source plugin, which you can probably use as an inspiration should you decide to implement it yourself.

Another different approach would be using stunnel ot take care of the SSL-specific parts between your machines instead of doing anything with Elasticsearch itself.