opensearch.hosts values cannot be IP address when using TLS

[gdiazlo]

Describe the bug

When we configure in opensearch_dashboards.yml the setting opensearch.hosts and the URL starts with https, the server complains that you cannot use it because:

Sep 04 19:37:01 debian10 opensearch-dashboards[30752]: Terminating process...
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]:     at processTicksAndRejections (node:internal/process/task_queues:78:11)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]:     at wrapper (/usr/share/wazuh-dashboard/node_modules/lodash/lodash.js:5255:19)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]:     at Object.utils.applyArgs (/usr/share/wazuh-dashboard/node_modules/elasticsearch/src/lib/utils.js:188:19)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]:     at sendReqWithConnection (/usr/share/wazuh-dashboard/node_modules/elasticsearch/src/lib/transport.js:263:35)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]:     at HttpConnector.request (/usr/share/wazuh-dashboard/node_modules/elasticsearch/src/lib/connectors/http.js:182:23)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]:     at Object.request (node:https:357:10)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]:     at new ClientRequest (node:_http_client:335:16)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]:     at HttpsAgent.addRequest (/usr/share/wazuh-dashboard/node_modules/agentkeepalive/lib/_http_agent.js:239:10)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]:     at HttpsAgent.createSocket (/usr/share/wazuh-dashboard/node_modules/agentkeepalive/lib/agent.js:77:11)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]:     at HttpsAgent.createSocket (/usr/share/wazuh-dashboard/node_modules/agentkeepalive/lib/_http_agent.js:265:26)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]:     at HttpsAgent.createConnection (node:https:147:22)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]:     at Object.connect (node:_tls_wrap:1678:15)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]: DeprecationWarning: Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]: Node.js process-warning detected:
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]: (Use `node --trace-deprecation ...` to show where the warning was created)
Sep 04 19:37:01 debian10 opensearch-dashboards[30752]: (node:30752) [DEP0123] DeprecationWarning: Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version

This deprecation happened in multiple Node.js versions:

• Node.js 12.22.12
• Node.js 14.21.3
• Node.js 16.20.0

This last version is the one used by OpenSearch 2.8.0 and 2.9.0, and will impact how users configure their deployments.

As the error message states, setting the TLS ServerName to an IP address is not permitted by RFC 6066

Tasks

We want to investigate a workaround to minimize the impact of an update from wazuh-indexer 4.5.x to wazuh-indexer 4.6.0 by enabling this deprecated functionality until next releases.