OpenSearch Dashboards support for TLS1.3

Does OpenSearch Dashboards support TLS1.3? In Kibana, it is only supported on 7.11.0 and above.

It works fine though when I use TLS1.2.

I am using OpenSearch Dashboards 1.3.2 and I got the below error. The config is also shown below.

Config:
server.ssl.supportedProtocols: [“TLSv1.3”]

Error Message:
Error: [config validation of [server].ssl.supportedProtocols.0]: types that failed validation:

• [config validation of [server].ssl.supportedProtocols.0.0]: expected value to equal [TLSv1]
• [config validation of [server].ssl.supportedProtocols.0.1]: expected value to equal [TLSv1.1]
• [config validation of [server].ssl.supportedProtocols.0.2]: expected value to equal [TLSv1.2]

Thanks

@asfoorial OpenSearch Dashboards is a fork of Kibana 7.10.2. As you already know, that version of Kibana didn’t support TLSv1.3 and it was implemented in version 7.11.0.

I’ve checked the latest version of OpenSearch Dashboards 2.3.0 and TLSv1.3 is still not supported.
There is a bug reported in the OpenSearch Dashboards GitHub.

Thanks @pablo , in fact this brings another question. Is there any roadmap for bug and vulnerability fixing?

@asfoorial This is not a bug but missing functionality.
You can either open a new bug at OpenSearch Dashboards GitHub or comment on the existing one

Please be aware that this is not a security plugin issue but OpenSearch Dashboards itself.