I am checking how to enable TLS encryption for connection between OtlpHttpExporter and Otel Collector. I found that exporter should supports https endpoint address, but it does not allow to configure TLS options. As a minimum I have to specify custom root CA certificate file. I also would like to enforce TLS 1.2+ and selected ciphers. Please add such configuration options for exporter.
I found that grpc exporter allows to specify path to CA certificates using ssl_credentials_cacert_path option or OTEL_EXPORTER_OTLP_CERTIFICATE env var. However it also does now allow to specify minimum TLS version and ciphers list: https://github.com/open-telemetry/opentelemetry-cpp/tree/main/exporters/otlp
I suspect that this may require some changes to OTEL specification too.
I am checking how to enable TLS encryption for connection between
OtlpHttpExporterand Otel Collector. I found that exporter should supports https endpoint address, but it does not allow to configure TLS options. As a minimum I have to specify custom root CA certificate file. I also would like to enforce TLS 1.2+ and selected ciphers. Please add such configuration options for exporter.I found that grpc exporter allows to specify path to CA certificates using
ssl_credentials_cacert_pathoption orOTEL_EXPORTER_OTLP_CERTIFICATEenv var. However it also does now allow to specify minimum TLS version and ciphers list: https://github.com/open-telemetry/opentelemetry-cpp/tree/main/exporters/otlpI suspect that this may require some changes to OTEL specification too.