Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2018/10/13 20:36:18 UTC

[GitHub] NicoK opened a new pull request #6838: [FLINK-9878][network][ssl] add more low-level ssl options

URL: https://github.com/apache/flink/pull/6838
 
 
   ## What is the purpose of the change
   
   This is mostly to tackle bugs like https://github.com/netty/netty/issues/832
   (JDK issue during garbage collection when the SSL session cache is not limited).
   We add the following low-level configuration options for the user to fine-tune
   their system, i.e. the Flink-internal communication:
   
   - SSL session cache size
   - SSL session timeout
   - SSL handshake timeout
   - SSL close notify flush timeout
   
   FYI: I'll also merge this into `master` if accepted.
   
   ## Brief change log
   
   - add `security.ssl.internal.session-cache-size` and `security.ssl.internal.session-timeout` configuration parameters
   -> configure these for `SSLContext`s created by `SSLUtil`
   - add `security.ssl.internal.handshake-timeout` and `security.ssl.internal.close-notify-flush-timeout`
   -> configure these for `SslHandler`s created by `SSLHandlerFactory` (previously `SSLEngineFactory`)
   - rename/refactor `SSLEngineFactory` to `SSLHandlerFactory` since no `SSLEngine` objects alone were actually needed, but only Netty's `SslHandler` (reduces code duplication which would be worse with this PR)
   
   ## Verifying this change
   
   This change added tests and can be verified as follows:
   
   - added configuration-verification test to `NettyClientServerSslTest`
   
   ## Does this pull request potentially affect one of the following parts:
   
     - Dependencies (does it add or upgrade a dependency): **no**
     - The public API, i.e., is any changed class annotated with `@Public(Evolving)`: **no**
     - The serializers: **no**
     - The runtime per-record code paths (performance sensitive): **no**
     - Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Yarn/Mesos, ZooKeeper: **no**
     - The S3 file system connector: **no**
   
   ## Documentation
   
     - Does this pull request introduce a new feature? **yes** (kind-of)
     - If yes, how is the feature documented? **docs + JavaDocs**
   
