You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by StephanEwen <gi...@git.apache.org> on 2018/05/07 19:49:59 UTC
[GitHub] flink pull request #5965: [FLINK-9310] [security] Update standard cipher sui...
GitHub user StephanEwen opened a pull request:
https://github.com/apache/flink/pull/5965
[FLINK-9310] [security] Update standard cipher suites for secure mode
## What is the purpose of the change
This sets the cipher suits accepted by default to those recommended in
IETF RFC 7525 : https://tools.ietf.org/html/rfc7525
## Brief change log
Updates the default value of the respective config option to
```
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
```
## Verifying this change
This change is already covered by the existing tests that test SSL setups.
## Does this pull request potentially affect one of the following parts:
- Dependencies (does it add or upgrade a dependency): (yes / **no**)
- The public API, i.e., is any changed class annotated with `@Public(Evolving)`: (yes / **no**)
- The serializers: (yes / **no** / don't know)
- The runtime per-record code paths (performance sensitive): (yes / **no** / don't know)
- Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Yarn/Mesos, ZooKeeper: (yes / **no** / don't know)
- The S3 file system connector: (yes / **no** / don't know)
## Documentation
- Does this pull request introduce a new feature? (yes / **no**)
- If yes, how is the feature documented? (not applicable / **docs** / JavaDocs / not documented)
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/StephanEwen/incubator-flink update_cipher_suits
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/flink/pull/5965.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #5965
----
commit 9b24574cd437ddbc2d3546c1fa0f73e983c02e31
Author: Stephan Ewen <se...@...>
Date: 2018-05-07T17:47:00Z
[FLINK-9310] [security] Update standard cipher suites for secure mode
This sets the cipher suits accepted by default to those recommended in
IETF RFC 7525 : https://tools.ietf.org/html/rfc7525
----
---
[GitHub] flink pull request #5965: [FLINK-9310] [security] Update standard cipher sui...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/flink/pull/5965
---
[GitHub] flink issue #5965: [FLINK-9310] [security] Update standard cipher suites for...
Posted by StephanEwen <gi...@git.apache.org>.
Github user StephanEwen commented on the issue:
https://github.com/apache/flink/pull/5965
@EronWright This might be interesting to you.
---