Open spapadop opened 8 hours ago
It seems like it is supported already? See https://github.com/opensearch-project/security/issues/2414 please
This question was raised during the relevant session on OpenSearchCon (presented by @DarshitChanpura and @derek-ho), who led me to raising this issue.
https://github.com/opensearch-project/security/issues/2414 and relevant issues discussions seem interesting, but still the feature is not supported. Going through these issues it seems like there was strong desire from the community to push this forward however it never truly got implemented.
Is your feature request related to a problem? We have deployed OpenSearch clusters behind a firewall. We do not need/want to have encryption on transport layer in order to prioritize performance. However, there is no
plugins.security.ssl.transport.enabled
setting, as you currently prefer to have it always enabled, I guess for security reasons. https://opensearch.org/docs/latest/security/configuration/index/#reconfigure-opensearchyml-to-use-your-certificatesWhat solution would you like? Make
plugins.security.ssl.transport.enabled
configurable. Of course, it should be enabled by default, but still give us the option of disabling it.What alternatives have you considered? There are no alternatives.