OpenSSL engine support is broken

[peternied]

The following settings were used to enable the use of OpenSSL in JDK11 runtime. After investigating this is not working at all and OpenSSL has been broken for an indeterminate amount of time.

plugins.security.ssl.http.enable_openssl_if_available: true
plugins.security.ssl.transport.enable_openssl_if_available: true
opensearch.unsafe.use_netty_default_allocator: true

After quickly probing the forums I see years old posts with no resolution:

• https://forum.opensearch.org/t/using-plugin-with-netty-tcnative-boringssl-static/950
• https://forum.opensearch.org/t/openssl-netty-setup/752

While there was some interest our modern JDK platforms support many more cryptographic protocols and make this unneeded for the majority use case. Note! This could be a solid enhancement to the platform for faster execution and better footprint.

Fixing OpenSSL support has the following steps at least...

• Fix OpenSSL support so you can use the OpenSSL Engine
• [BUG] OpenSSLTest is not using the OpenSSL Provider #2208
• Update documentation with steps on how to get the feature functional

[stephen-crawford]

I think it makes sense to deprecate a feature if the feature is only used on a deprecated platform. That being said, the question of who is using OpenSSL may be hard fro this specific GitHub community to answer.

I would suspect that those using OpenSSL in other ways would be more likely to include it in any OpenSearch implementations they operated. Apparently up to 4000+ companies have reported using it (https://stackshare.io/openssl) but just because a bunch of people do something does not necessarily make it the right decision for everyone in every case.