[Feature] Add the possibility of disabling encryption on Transport layer

[spapadop]

Is your feature request related to a problem? We have deployed OpenSearch clusters behind a firewall. We do not need/want to have encryption on transport layer in order to prioritize performance. However, there is no plugins.security.ssl.transport.enabled setting, as you currently prefer to have it always enabled, I guess for security reasons. https://opensearch.org/docs/latest/security/configuration/index/#reconfigure-opensearchyml-to-use-your-certificates

What solution would you like? Make plugins.security.ssl.transport.enabled configurable. Of course, it should be enabled by default, but still give us the option of disabling it.

What alternatives have you considered? There are no alternatives.

[reta]

It seems like it is supported already? See https://github.com/opensearch-project/security/issues/2414 please

[spapadop]

This question was raised during the relevant session on OpenSearchCon (presented by @DarshitChanpura and @derek-ho), who led me to raising this issue.

https://github.com/opensearch-project/security/issues/2414 and relevant issues discussions seem interesting, but still the feature is not supported. Going through these issues it seems like there was strong desire from the community to push this forward however it never truly got implemented.

[cwperks]

Its currently not possible to disable transport-level encryption. See comment here.

I would accept a PR that makes plugins.security.ssl.transport.enabled functional again. The main problem I see is that it would remove support for the nodes_dn list (See here or here) and there would be no security for what nodes can join a cluster.

[cwperks]

[Triage] This sounds like a good feature request that was not fully implemented in past PRs. Marking this as triaged.