enhancement(deps)!: remove openssl legacy provider flag and update do…

…cs (vectordotdev#18609)

* enhancement(deps)!: remove openssl legacy provider flag and update documentation

* fix website build

* fix website build

* fix website build

* add back flag and set to false

* add back flag and set to false

* update upgrade guide

* add authors

* feedback

* update deprecations.md

* update docs to mention default file location

Cargo.toml

@@ -385,8 +385,6 @@ nix = { git = "https://github.com/vectordotdev/nix.git", branch = "memfd/gnu/mus
 # The `heim` crates depend on `ntapi` 0.3.7 on Windows, but that version has an
 # unaligned access bug fixed in the following revision.
 ntapi = { git = "https://github.com/MSxDOS/ntapi.git", rev = "24fc1e47677fc9f6e38e5f154e6011dc9b270da6" }
-# 300.1.3+3.1.2 + a commit that re-adds force-engine flag. Can be removed after next release of openssl-src.
-openssl-src = { git = "https://github.com/alexcrichton/openssl-src-rs", ref = "26dc3c81d8ebee5f7ec40835e29bf9f37e648ab2" }
 
 [features]
 # Default features for *-unknown-linux-gnu and *-apple-darwin

docs/DEPRECATIONS.md

@@ -4,6 +4,6 @@ See [DEPRECATION.md](docs/DEPRECATION.md#process) for the process for updating t
 
 ## To be migrated
 
-* legacy_openssl_provider v0.33.0 OpenSSL legacy provider flag should default to false
-
 ## To be removed
+
+* legacy_openssl_provider v0.34.0 OpenSSL legacy provider flag should be removed

src/cli.rs

@@ -202,8 +202,8 @@ pub struct RootOpts {
     #[arg(
         long,
         env = "VECTOR_OPENSSL_LEGACY_PROVIDER",
-        default_value = "true",
-        default_missing_value = "true",
+        default_value = "false",
+        default_missing_value = "false",
         num_args = 0..=1,
         require_equals = true,
         action = ArgAction::Set

website/content/en/highlights/2023-09-26-0-33-0-upgrade-guide.md

@@ -2,7 +2,7 @@
 date: "2023-09-26"
 title: "0.33 Upgrade Guide"
 description: "An upgrade guide that addresses breaking changes in 0.33.0"
-authors: ["spencergilbert", "neuronull"]
+authors: ["spencergilbert", "neuronull", "pront", "dsmith3197"]
 release: "0.33.0"
 hide_on_release_notes: false
 badges:
@@ -12,12 +12,18 @@ badges:
 Vector's 0.33.0 release includes **breaking changes**:
 
 1. [Behavior of the `datadog_logs` sink's `endpoint` setting](#datadog-logs-endpoint)
+1. [Disable OpenSSL legacy provider by default](#openssl-legacy-provider)
 
-Vector's 0.33.0 release includes **deprecations**:
+and **deprecations**:
 
+1. [Default config location change](#default-config-location-change)
 1. [Renaming the `armv7` rpm package](#armv7-rename)
 2. [Metadata field in the Vector protobuf definition](#vector-proto-metadata)
 
+and **potentially impactful changes**:
+
+1. [Async runtime default number of worker threads](#runtime-worker-threads)
+
 We cover them below to help you upgrade quickly:
 
 ## Upgrade guide
@@ -35,9 +41,23 @@ with the other Datadog sinks, which use the `endpoint` as a base URL that the AP
 With this release, the `datadog_logs` sink's behavior is now consistent with the other
 Datadog sinks for the `endpoint` setting.
 
+#### Disable OpenSSL legacy provider by default {#openssl-legacy-provider}
+
+Vector upgraded the version of OpenSSL that it statically compiles in to v3.1.x in the 0.32.0 release.
+Following our deprecation policy, v0.33.0 now disables the legacy OpenSSL provider by default. It can be
+enabled via an [OpenSSL configuration file](https://www.openssl.org/docs/man3.1/man5/config.html). The file
+location defaults to `/usr/local/ssl/openssl.cnf` or can be specified with the `OPENSSL_CONF` environment variable.
+
 
 ### Deprecations
 
+#### Default config location change {#default-config-location-change}
+
+The default config location `/etc/vector/vector.toml` which is used by Vector `0.32.0` is now deprecated. This location will still be used in `0.33.0`. The new default path is `/etc/vector/vector.yaml`, please migrate to this new default path or specify the config path explicitly.
+
+Vector `0.33.0` will attempt to load `/etc/vector/vector.toml` first, and if it is not present, it will fallback to `/etc/vector/vector.yaml`. However, Vector release `0.34.0` will automatically load `/etc/vector/vector.yaml` only.
+
+
 #### Renaming the `armv7` rpm package {#armv7-rename}
 
 The `armv7` rpm package, `vector-<version>-1.armv7.rpm`, is now published as

website/cue/reference/cli.cue

@@ -634,7 +634,7 @@ cli: {
 		}
 		VECTOR_OPENSSL_LEGACY_PROVIDER: {
 			description: "Load the OpenSSL legacy provider."
-			type: bool: default: true
+			type: bool: default: false
 		}
 		VECTOR_OPENSSL_NO_PROBE: {
 			description: """

website/cue/reference/components/sinks.cue

@@ -644,7 +644,9 @@ components: sinks: [Name=string]: {
 					title: "Transport Layer Security (TLS)"
 					body:  """
 						Vector uses [OpenSSL](\(urls.openssl)) for TLS protocols due to OpenSSL's maturity. You can
-						enable and adjust TLS behavior using the [`tls.*`](#tls) options.
+						enable and adjust TLS behavior via the [`tls.*`](#tls) options and/or via an
+						[OpenSSL configuration file](\(urls.openssl_conf)). The file location defaults to
+						`/usr/local/ssl/openssl.cnf` or can be specified with the `OPENSSL_CONF` environment variable.
 						"""
 				}
 			}

website/cue/reference/components/sources.cue

@@ -356,9 +356,11 @@ components: sources: [Name=string]: {
 		_tls: {
 			title: "Transport Layer Security (TLS)"
 			body:  """
-				  Vector uses [OpenSSL](\(urls.openssl)) for TLS protocols. You can
-				  adjust TLS behavior via the `tls.*` options.
-				  """
+				Vector uses [OpenSSL](\(urls.openssl)) for TLS protocols due to OpenSSL's maturity. You can
+				enable and adjust TLS behavior via the `tls.*` options and/or via an
+				[OpenSSL configuration file](\(urls.openssl_conf)). The file location defaults to
+				`/usr/local/ssl/openssl.cnf` or can be specified with the `OPENSSL_CONF` environment variable.
+				"""
 		}
 
 		if features.collect != _|_ {

website/cue/reference/components/sources/opentelemetry.cue

@@ -198,9 +198,11 @@ components: sources: opentelemetry: {
 		tls: {
 			title: "Transport Layer Security (TLS)"
 			body:  """
-				  Vector uses [OpenSSL](\(urls.openssl)) for TLS protocols. You can
-				  adjust TLS behavior via the `grpc.tls.*` and `http.tls.*` options.
-				  """
+				Vector uses [OpenSSL](\(urls.openssl)) for TLS protocols due to OpenSSL's maturity. You can
+				enable and adjust TLS behavior via the `grpc.tls.*` and `http.tls.*` options and/or via an
+				[OpenSSL configuration file](\(urls.openssl_conf)). The file location defaults to
+				`/usr/local/ssl/openssl.cnf` or can be specified with the `OPENSSL_CONF` environment variable.
+				"""
 		}
 	}
 }

website/cue/reference/urls.cue

@@ -383,6 +383,7 @@ urls: {
 	nixos:                                      "https://nixos.org/"
 	nixpkgs_9682:                               "\(github)/NixOS/nixpkgs/issues/9682"
 	openssl:                                    "https://www.openssl.org/"
+	openssl_conf:                               "https://www.openssl.org/docs/man3.1/man5/config.html"
 	opentelemetry:                              "https://opentelemetry.io"
 	opentelemetry_protocol:                     "\(opentelemetry)/docs/reference/specification/protocol/otlp/"
 	order_of_ops:                               "\(wikipedia)/wiki/Order_of_operations"