Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS settings for OtlpHttpExporter #1756

Closed
sirzooro opened this issue Nov 9, 2022 · 5 comments · Fixed by #1793
Closed

TLS settings for OtlpHttpExporter #1756

sirzooro opened this issue Nov 9, 2022 · 5 comments · Fixed by #1793
Assignees
@marcalff
Labels
do-not-stale

Comments

@sirzooro
Copy link

sirzooro commented Nov 9, 2022

I am checking how to enable TLS encryption for connection between OtlpHttpExporter and Otel Collector. I found that exporter should supports https endpoint address, but it does not allow to configure TLS options. As a minimum I have to specify custom root CA certificate file. I also would like to enforce TLS 1.2+ and selected ciphers. Please add such configuration options for exporter.

I found that grpc exporter allows to specify path to CA certificates using ssl_credentials_cacert_path option or OTEL_EXPORTER_OTLP_CERTIFICATE env var. However it also does now allow to specify minimum TLS version and ciphers list: https://github.com/open-telemetry/opentelemetry-cpp/tree/main/exporters/otlp

I suspect that this may require some changes to OTEL specification too.
@lalitb
Copy link
Member

lalitb commented Nov 9, 2022
edited
Loading

This is blocked for - #389

As of now, the our HTTP Client doesn't have provision to supply the root ca certificate (for server authentication), and client certificate chain (for client authentication) during HTTP(S) handshake.

However it also does now allow to specify minimum TLS version and ciphers list

Yes this would require a changes in OTEL specification, if you would like to initiate the discussion there.

@lalitb lalitb added the issue:blocked Fix blocked, waiting for other fixes as prerequisites label Nov 9, 2022
@lalitb lalitb mentioned this issue Nov 9, 2022
Closed
@sirzooro
Copy link
Author

sirzooro commented Nov 9, 2022

Yes this would require a changes in OTEL specification, if you would like to initiate the discussion there.

Done: open-telemetry/opentelemetry-specification#2932

@sirzooro sirzooro mentioned this issue Nov 18, 2022
Closed
@lalitb
Copy link
Member

lalitb commented Nov 21, 2022

Refer : https://github.com/open-telemetry/opentelemetry-cpp/pull/938/files

@marcalff marcalff self-assigned this Nov 21, 2022
@marcalff
Copy link
Member

marcalff commented Jan 4, 2023

@sirzooro

Please check #1793 and comment.

This PR implements the first step, to fix #389, with placeholders for TLS.

Regards.

@github-actions
Copy link

github-actions bot commented Mar 6, 2023

This issue was marked as stale due to lack of activity.

@github-actions github-actions bot added the Stale label Mar 6, 2023
@lalitb lalitb added do-not-stale and removed Stale labels Mar 6, 2023
@marcalff marcalff mentioned this issue Mar 12, 2023
Merged
5 tasks
@marcalff marcalff removed the issue:blocked Fix blocked, waiting for other fixes as prerequisites label Mar 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcalff marcalff

Labels
do-not-stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[EXPORTER] Add OTLP HTTP SSL support marcalff/opentelemetry-cpp
3 participants
@lalitb @sirzooro @marcalff