You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@flink.apache.org by tr...@apache.org on 2018/05/25 09:04:36 UTC

flink git commit: [hotfix] Extend Flink 1.5 release notes to include cypher algorithm problems

Repository: flink
Updated Branches:
  refs/heads/release-1.5 34ef2502f -> b1cc274e5


[hotfix] Extend Flink 1.5 release notes to include cypher algorithm problems

See FLINK-9437 for more information.


Project: http://git-wip-us.apache.org/repos/asf/flink/repo
Commit: http://git-wip-us.apache.org/repos/asf/flink/commit/b1cc274e
Tree: http://git-wip-us.apache.org/repos/asf/flink/tree/b1cc274e
Diff: http://git-wip-us.apache.org/repos/asf/flink/diff/b1cc274e

Branch: refs/heads/release-1.5
Commit: b1cc274e5c63f6265e3bac768232b9c4710c3f64
Parents: 34ef250
Author: Till Rohrmann <tr...@apache.org>
Authored: Fri May 25 11:03:18 2018 +0200
Committer: Till Rohrmann <tr...@apache.org>
Committed: Fri May 25 11:03:18 2018 +0200

----------------------------------------------------------------------
 docs/release-notes/flink-1.5.md | 7 +++++++
 1 file changed, 7 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/flink/blob/b1cc274e/docs/release-notes/flink-1.5.md
----------------------------------------------------------------------
diff --git a/docs/release-notes/flink-1.5.md b/docs/release-notes/flink-1.5.md
index 4cee577..7bf61d9 100644
--- a/docs/release-notes/flink-1.5.md
+++ b/docs/release-notes/flink-1.5.md
@@ -56,6 +56,13 @@ We removed the automatic Hadoop classpath discovery via the Hadoop binary. If yo
 export HADOOP_CLASSPATH=`hadoop classpath`.
 ```
 
+<!-- Remove once FLINK-9437 has been merged -->
+### Problems With Enabling SSL Encryption
+
+Due to a limitation in Netty's `SsLHandler` (v4.0.27), it does not work well together with GCM enabled cypher suites. 
+It can cause transmission failures between Flink TaskManager's which manifest in a `LocalTransportException`.
+Therefore, it is highly recommended to either set the `security.ssl.algorithms` configuration to `TLS_RSA_WITH_AES_128_CBC_SHA` when enabling SSL encryption or to disable SSL encryption between TaskManagers via `taskmanager.data.ssl.enabled: false`. 
+
 ### Breaking Changes of the REST API
 
 In an effort to harmonize, extend, and improve the REST API, a few handlers and return values were changed.