Vinay created FLINK-9643:
----------------------------

             Summary: Flink allowing TLS 1.1 in spite of configuring TLS 1.2
                 Key: FLINK-9643
                 URL: https://issues.apache.org/jira/browse/FLINK-9643
             Project: Flink
          Issue Type: Bug
          Components: Security
    Affects Versions: 1.3.2
            Reporter: Vinay


I have deployed Flink 1.3.2 and enabled SSL settings. From the SSL debug 
logs it shows that Flink is using TLSv1.2. However, based on the security 
scans we have observed that it also allows TLSv1.0 and TLSv1.1. 
  
In order to strictly use TLSv1.2 we have updated the following property of 
java.security file: 
jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, TLSv1, 
TLSv1.1 

But it still allows TLSv1.1. I verified this by running the following command 
from the master node: 

openssl s_client -connect taskmanager1:<listening_address_port> -tls1 

(here listening_address_port is part of 
akka.ssl.tcp://flink@taskmanager1:port/user/taskmanager) 

Now, when I run the above command for the data port, it does not allow 
TLSv1.1 and only allows TLSv1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
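
The check described in the report, repeated for each protocol version and for several ports (for instance the Akka RPC port and the data port), as an added example that is not part of the original message or of Flink. Host and ports come from the command line, the function names are hypothetical, and a listener that demands a client certificate would show up as "rejected".

```python
import socket
import ssl
import sys
import warnings

# Protocol versions to offer, one at a time.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def probe(host, port, version, timeout=5.0):
    """Offer exactly one version; return accepted/rejected/unreachable/unsupported."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # only protocol negotiation is under test
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = version
            ctx.maximum_version = version
        # Recent OpenSSL builds refuse TLS 1.0/1.1 client-side unless the level is lowered.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except (ValueError, ssl.SSLError):
        return "unsupported"  # the local OpenSSL cannot offer this version
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "accepted"
    except OSError:  # ssl.SSLError, resets and timeouts are all OSError
        return "rejected"
    finally:
        sock.close()

def scan(host, ports):
    """Probe every port with every version: {port: {version_name: result}}."""
    return {p: {n: probe(host, p, v) for n, v in VERSIONS.items()} for p in ports}

def weak_findings(results):
    """List (port, version) pairs where something older than TLSv1.2 was accepted."""
    return [(p, n) for p, r in sorted(results.items())
            for n in ("TLSv1.0", "TLSv1.1") if r.get(n) == "accepted"]

if __name__ == "__main__":
    # usage: script.py HOST PORT [PORT ...]
    res = scan(sys.argv[1], [int(p) for p in sys.argv[2:]])
    for port, version in weak_findings(res):
        print(f"{sys.argv[1]}:{port} accepts {version}")
```

An "unsupported" result means the local OpenSSL could not offer that version, so it says nothing about the server.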
