You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@flink.apache.org by KristoffSC <kr...@gmail.com> on 2020/02/07 15:08:13 UTC
SSL configuration - default behaviour
Hi,
In documentation [1] we can read that
All internal connections are SSL authenticated and encrypted. The
connections use mutual authentication, meaning both server and client side
of each connection need to present the certificate to each other. The
certificate acts effectively as a shared secret.
But is this a default behavior? Are internal connections encrypted by
default?
[1]
https://ci.apache.org/projects/flink/flink-docs-stable/ops/security-ssl.html
--
Sent from: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/
Re: SSL configuration - default behaviour
Posted by Piotr Nowojski <pi...@ververica.com>.
Hi Krzysztof,
Thanks for the suggestion. It was kind of implied in the first sentence on the page already, but I’m fixing it [1] to make it more clear.
Piotrek
[1] https://github.com/apache/flink/pull/11083 <https://github.com/apache/flink/pull/11083>
> On 11 Feb 2020, at 08:22, Krzysztof Chmielewski <kr...@gmail.com> wrote:
>
> Thanks Robert,
> just a small suggestion maybe to change the documentation a little bit.
>
> I'm not sure if its only my impression but from sentence:
> " All internal connections are SSL authenticated and encrypted" initially I thought that this is the default configuration.
>
> Thanks,
> Krzysztof
>
> pon., 10 lut 2020 o 15:12 Robert Metzger <rmetzger@apache.org <ma...@apache.org>> napisał(a):
> Hi,
>
> thanks a lot for your message. By default, internal connections are not encrypted.
>
> On Fri, Feb 7, 2020 at 4:08 PM KristoffSC <krzysiek.chmielewski@gmail.com <ma...@gmail.com>> wrote:
> Hi,
> In documentation [1] we can read that
>
> All internal connections are SSL authenticated and encrypted. The
> connections use mutual authentication, meaning both server and client side
> of each connection need to present the certificate to each other. The
> certificate acts effectively as a shared secret.
>
> But is this a default behavior? Are internal connections encrypted by
> default?
>
> [1]
> https://ci.apache.org/projects/flink/flink-docs-stable/ops/security-ssl.html <https://ci.apache.org/projects/flink/flink-docs-stable/ops/security-ssl.html>
>
>
>
> --
> Sent from: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/ <http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/>
Re: SSL configuration - default behaviour
Posted by Krzysztof Chmielewski <kr...@gmail.com>.
Thanks Robert,
just a small suggestion maybe to change the documentation a little bit.
I'm not sure if its only my impression but from sentence:
*" All internal connections are SSL authenticated and encrypted"* initially
I thought that this is the default configuration.
Thanks,
Krzysztof
pon., 10 lut 2020 o 15:12 Robert Metzger <rm...@apache.org> napisał(a):
> Hi,
>
> thanks a lot for your message. By default, internal connections are not
> encrypted.
>
> On Fri, Feb 7, 2020 at 4:08 PM KristoffSC <kr...@gmail.com>
> wrote:
>
>> Hi,
>> In documentation [1] we can read that
>>
>> All internal connections are SSL authenticated and encrypted. The
>> connections use mutual authentication, meaning both server and client side
>> of each connection need to present the certificate to each other. The
>> certificate acts effectively as a shared secret.
>>
>> But is this a default behavior? Are internal connections encrypted by
>> default?
>>
>> [1]
>>
>> https://ci.apache.org/projects/flink/flink-docs-stable/ops/security-ssl.html
>>
>>
>>
>> --
>> Sent from:
>> http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/
>>
>
Re: SSL configuration - default behaviour
Posted by Robert Metzger <rm...@apache.org>.
Hi,
thanks a lot for your message. By default, internal connections are not
encrypted.
On Fri, Feb 7, 2020 at 4:08 PM KristoffSC <kr...@gmail.com>
wrote:
> Hi,
> In documentation [1] we can read that
>
> All internal connections are SSL authenticated and encrypted. The
> connections use mutual authentication, meaning both server and client side
> of each connection need to present the certificate to each other. The
> certificate acts effectively as a shared secret.
>
> But is this a default behavior? Are internal connections encrypted by
> default?
>
> [1]
>
> https://ci.apache.org/projects/flink/flink-docs-stable/ops/security-ssl.html
>
>
>
> --
> Sent from:
> http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/
>