You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@flink.apache.org by se...@apache.org on 2018/05/09 14:45:16 UTC
flink git commit: [FLINK-9310] [security] Update standard cipher
suites for secure mode
Repository: flink
Updated Branches:
refs/heads/master 6207bd821 -> 7c87c1a90
[FLINK-9310] [security] Update standard cipher suites for secure mode
This sets the cipher suits accepted by default to those recommended in
IETF RFC 7525 : https://tools.ietf.org/html/rfc7525
This closes #5965
Project: http://git-wip-us.apache.org/repos/asf/flink/repo
Commit: http://git-wip-us.apache.org/repos/asf/flink/commit/7c87c1a9
Tree: http://git-wip-us.apache.org/repos/asf/flink/tree/7c87c1a9
Diff: http://git-wip-us.apache.org/repos/asf/flink/diff/7c87c1a9
Branch: refs/heads/master
Commit: 7c87c1a9049d1d333494ac595c85ff4f946db3be
Parents: 6207bd8
Author: Stephan Ewen <se...@apache.org>
Authored: Mon May 7 19:47:00 2018 +0200
Committer: Stephan Ewen <se...@apache.org>
Committed: Wed May 9 14:58:34 2018 +0200
----------------------------------------------------------------------
docs/_includes/generated/security_configuration.html | 2 +-
.../main/java/org/apache/flink/configuration/SecurityOptions.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/flink/blob/7c87c1a9/docs/_includes/generated/security_configuration.html
----------------------------------------------------------------------
diff --git a/docs/_includes/generated/security_configuration.html b/docs/_includes/generated/security_configuration.html
index cd682ec..fae0525 100644
--- a/docs/_includes/generated/security_configuration.html
+++ b/docs/_includes/generated/security_configuration.html
@@ -9,7 +9,7 @@
<tbody>
<tr>
<td><h5>security.ssl.algorithms</h5></td>
- <td style="word-wrap: break-word;">"TLS_RSA_WITH_AES_128_CBC_SHA"</td>
+ <td style="word-wrap: break-word;">"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"</td>
<td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites">here</a>.</td>
</tr>
<tr>
http://git-wip-us.apache.org/repos/asf/flink/blob/7c87c1a9/flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java
----------------------------------------------------------------------
diff --git a/flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java b/flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java
index 0f25c6c..10c508b 100644
--- a/flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java
+++ b/flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java
@@ -149,7 +149,7 @@ public class SecurityOptions {
*/
public static final ConfigOption<String> SSL_ALGORITHMS =
key("security.ssl.algorithms")
- .defaultValue("TLS_RSA_WITH_AES_128_CBC_SHA")
+ .defaultValue("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
.withDescription("The comma separated list of standard SSL algorithms to be supported. Read more" +
" <a href=\"http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites\">here</a>.");