Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for TLS v1.3 #5133

Merged
merged 5 commits into from
Oct 12, 2023
Merged

Support for TLS v1.3 #5133

merged 5 commits into from
Oct 12, 2023

Conversation

kajetan-nobel
Copy link
Contributor

Description

Adds support to TLS v1.3

Issues Resolved

closes #838

Testing the changes

  1. Create a certificate that fulfills the requirements
  2. Fill needed configuration in config/opensearch_dashboards.yml
opensearch.ssl.verificationMode: full
server.ssl.enabled: true
server.ssl.certificate: <path/to/client.pem>
server.ssl.key: <path/to/client-key.pem>
server.ssl.certificateAuthorities: <path/to/root-ca.pem>
opensearch.ssl.certificateAuthorities: <path/to/root-ca.pem>
  1. Run dashboards

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@kajetan-nobel
feat: adds support for TLSv1.3
4e8474a 
Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
@kajetan-nobel
Merge remote-tracking branch 'origin/main' into support-tls-13
6243eee 
Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
@kajetan-nobel
feat: update changelog
46366c7 
Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
@codecov
Copy link

codecov bot commented Sep 27, 2023
edited
Loading

Codecov Report

Merging #5133 (a0bc908) into main (b3104ce) will increase coverage by 0.03%.
Report is 1 commits behind head on main.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #5133      +/-   ##
==========================================
+ Coverage   66.74%   66.77%   +0.03%     
==========================================
  Files        3284     3284              
  Lines       63095    63095              
  Branches    10049    10049              
==========================================
+ Hits        42110    42130      +20     
- Misses      18488    18496       +8     
+ Partials     2497     2469      -28
Flag Coverage Δ
Linux_1 35.26% <ø> (ø)
Linux_2 55.24% <ø> (?)
Linux_3 43.84% <ø> (-0.01%) ⬇️
Linux_4 35.36% <ø> (ø)
Windows_1 35.27% <ø> (ø)
Windows_2 55.20% <ø> (ø)
Windows_3 ?
Windows_4 35.36% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
...er/core_usage_data/core_usage_data_service.mock.ts 71.42% <ø> (ø)
src/core/server/http/ssl_config.ts 92.15% <ø> (ø)

... and 14 files with indirect coverage changes

@kajetan-nobel
Merge branch 'main' into support-tls-13
fcc940c 
Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
@kajetan-nobel
Copy link
Contributor Author

Can any other maintainers of this repository review this PR for me please? Thank you.

@davidlago
Copy link

@seanneumann could you please help us get this one reviewed? thanks!

@kajetan-nobel
Merge branch 'main' into support-tls-13
a0bc908 
Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
@kajetan-nobel
Copy link
Contributor Author

A recent main has been merged, a review will be really appreciated 😅 . Thanks!

@AMoo-Miki AMoo-Miki self-assigned this Oct 12, 2023
@AMoo-Miki
Copy link
Collaborator

Prior to the change:

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 http/1.1 (offered)

With this PR and after including server.ssl.supportedProtocols: ["TLSv1.3"]

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    not offered
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered

@AMoo-Miki AMoo-Miki merged commit f28b729 into opensearch-project:main Oct 12, 2023
57 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Oct 12, 2023
@github-actions
Support for TLS v1.3 (#5133)
e59c38d 
* feat: adds support for TLSv1.3

Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>

* feat: update changelog

Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>

---------

Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
(cherry picked from commit f28b729)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Oct 12, 2023
Merged
willie-hung pushed a commit to willie-hung/OpenSearch-Dashboards that referenced this pull request Oct 12, 2023
@kajetan-nobel @willie-hung
Support for TLS v1.3 (opensearch-project#5133)
2fc19bb 
* feat: adds support for TLSv1.3

Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>

* feat: update changelog

Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>

---------

Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
Signed-off-by: Willie Hung <willie880201044@gmail.com>
manasvinibs pushed a commit that referenced this pull request Oct 18, 2023
@github-actions @manasvinibs
Support for TLS v1.3 (#5133)
9e1cee0 
* feat: adds support for TLSv1.3

Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>

* feat: update changelog

Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>

---------

Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
(cherry picked from commit f28b729)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
@ananzh ananzh added the v2.12.0 label Nov 17, 2023
ananzh pushed a commit that referenced this pull request Dec 13, 2023
@opensearch-trigger-bot @github-actions @AMoo-Miki
Support for TLS v1.3 (#5133) (#5285)
577bd67 
* feat: adds support for TLSv1.3
* feat: update changelog
---------

Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
(cherry picked from commit f28b729)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Miki <miki@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ananzh ananzh ananzh approved these changes

@AMoo-Miki AMoo-Miki AMoo-Miki approved these changes

@kavilla kavilla Awaiting requested review from kavilla kavilla is a code owner

@seanneumann seanneumann Awaiting requested review from seanneumann

@ashwin-pc ashwin-pc Awaiting requested review from ashwin-pc ashwin-pc is a code owner

@joshuarrrr joshuarrrr Awaiting requested review from joshuarrrr joshuarrrr is a code owner

@abbyhu2000 abbyhu2000 Awaiting requested review from abbyhu2000 abbyhu2000 is a code owner

@zengyan-amazon zengyan-amazon Awaiting requested review from zengyan-amazon zengyan-amazon is a code owner

@kristenTian kristenTian Awaiting requested review from kristenTian

@zhongnansu zhongnansu Awaiting requested review from zhongnansu zhongnansu is a code owner

@manasvinibs manasvinibs Awaiting requested review from manasvinibs manasvinibs is a code owner

@ZilongX ZilongX Awaiting requested review from ZilongX ZilongX is a code owner

@Flyingliuhub Flyingliuhub Awaiting requested review from Flyingliuhub Flyingliuhub is a code owner

@BSFishy BSFishy Awaiting requested review from BSFishy

@curq curq Awaiting requested review from curq curq is a code owner

Assignees

@AMoo-Miki AMoo-Miki

Labels
backport 2.x first-time-contributor v2.12.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support for tls v1.3 in opensearch-dashboards
4 participants
@kajetan-nobel @davidlago @AMoo-Miki @ananzh