You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem?
We have deployed OpenSearch clusters behind a firewall. We do not need/want to have encryption on transport layer in order to prioritize performance. However, there is no plugins.security.ssl.transport.enabled setting, as you currently prefer to have it always enabled, I guess for security reasons. https://opensearch.org/docs/latest/security/configuration/index/#reconfigure-opensearchyml-to-use-your-certificates
What solution would you like?
Make plugins.security.ssl.transport.enabled configurable. Of course, it should be enabled by default, but still give us the option of disabling it.
What alternatives have you considered?
There are no alternatives.
The text was updated successfully, but these errors were encountered:
This question was raised during the relevant session on OpenSearchCon (presented by @DarshitChanpura and @derek-ho), who led me to raising this issue.
#2414 and relevant issues discussions seem interesting, but still the feature is not supported. Going through these issues it seems like there was strong desire from the community to push this forward however it never truly got implemented.
Its currently not possible to disable transport-level encryption. See comment here.
I would accept a PR that makes plugins.security.ssl.transport.enabled functional again. The main problem I see is that it would remove support for the nodes_dn list (See here or here) and there would be no security for what nodes can join a cluster.
Is your feature request related to a problem?
We have deployed OpenSearch clusters behind a firewall. We do not need/want to have encryption on transport layer in order to prioritize performance. However, there is no
plugins.security.ssl.transport.enabled
setting, as you currently prefer to have it always enabled, I guess for security reasons.https://opensearch.org/docs/latest/security/configuration/index/#reconfigure-opensearchyml-to-use-your-certificates
What solution would you like?
Make
plugins.security.ssl.transport.enabled
configurable. Of course, it should be enabled by default, but still give us the option of disabling it.What alternatives have you considered?
There are no alternatives.
The text was updated successfully, but these errors were encountered: