pratapaditya04 opened a new pull request, #4153: URL: https://github.com/apache/gobblin/pull/4153
Dear Gobblin maintainers, Please accept this PR. I understand that it will not be reviewed until I have checked off all the steps below! ### JIRA - [ ] My PR addresses the following [Gobblin JIRA](https://issues.apache.org/jira/browse/GOBBLIN/) issues and references them in the PR title. For example, "[GOBBLIN-XXX] My Gobblin PR" https://issues.apache.org/jira/browse/GOBBLIN-2238 ### Description - [ ] Here are some details about my PR, including screenshots (if applicable): Details : This PR removes the TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 cipher suites from Gobblin’s default gRPC SSL configuration. These cipher suites are not supported on Java 8 (1.8.0_282 and below), and their presence was causing: java.lang.IllegalArgumentException: Unsupported CipherSuite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 when Gobblin Temporal master or Yarn containers attempted to initialize SSL/TLS contexts during job startup. Affected flows used Java 8u282 (java.home=/export/apps/jdk/JDK-1_8_0_282-msft/jre) Successful flows used Java 8u172 (java.home=/export/apps/jdk/JDK-1_8_0_172/jre) The issue surfaced because newer JDK 8 builds perform stricter cipher validation than older ones. Fix: Removed ChaCha20-based ciphers from the default SSL_CONFIG_DEFAULT_CIPHER_SUITES. Retained AES-GCM-based ciphers required for HTTP/2 and supported on all JDK 8+ versions: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 . ### Tests - [ ] My PR adds the following unit tests __OR__ does not need testing for this extremely good reason: ### Commits - [ ] My commits all reference JIRA issues in their subject lines, and I have squashed multiple commits if they address the same issue. In addition, my commits follow the guidelines from "[How to write a good git commit message](http://chris.beams.io/posts/git-commit/)": 1. Subject is separated from body by a blank line 2. Subject is limited to 50 characters 3. Subject does not end with a period 4. Subject uses the imperative mood ("add", not "adding") 5. Body wraps at 72 characters 6. Body explains "what" and "why", not "how" -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
