Confusing error message "Transport client authentication no longer supported"

The error message Transport client authentication no longer supported hit me today when installing OpenSearch 2.1.0 on a new set of servers.
I used an ansible playbook based on the one in the github repo and I’ve used it successfully on other environments earlier but never got this message.
My error was due to a faulty plugins.security.nodes_dn configuration but the error message was pointing me in a completely different direction.
Please, is it possible to change the error message so it doesn’t make you think that TLS with cert authentication is deprecated for transport on (default) port 9300?

2 Likes

@pitch The Transport client auth/auth has been deprecated in OpenSearch 2.x.
What is missing in the message is the clarification that this doesn’t relate to node certificates. OpenSearch nodes still communicate on the transport layer (9300 -9400) over HTTPS.

I suggest reporting this to OpenSearch Security plugin GitHub.