Description
Original comment by @jaymode:
The use of fallback in the SSL settings for x-pack security and shield has always been a bit of a nightmare in my opinion (I think @rjernst would agree) and causes confusion for users. While it seems like it is a good idea at first to just fall back to one config, there are issues where maybe this is not what is desired and we're kind of guessing that this is what the user wants. Additionally, this complicates a lot of code and sometimes the code is hard to reason about due to this.
For 7.0 we should remove any sense of fallback for SSL completely and require the settings to be configured explicitly for everything that needs it. If you need SSL for a ldap realm, configure ssl for the ldap realm; ssl for a monitoring exporter, configure it there; etc.