ajorgensen commented on issue #2850: Add SSL support for stream manager 
connections
URL: https://github.com/apache/incubator-heron/pull/2850#issuecomment-379234202
 
 
   @kramasamy yes the intention is for everything to function as is and *only* 
in the case that a certificate and private key path are provided will an ssl 
connection be established between stream managers.
   
   Anyone running a production environment should always have their openssl 
version up to date to make sure it has the latest patches, bug fixes, etc. As 
long as the version running on the production machine is ABI compatible with 
1.1.0 then this should work as intended. I believe openssl tries to be as 
backwards compatible as possible 
(https://abi-laboratory.pro/tracker/timeline/openssl/). 1.1.0 was released in 
2016 which was the largest breaking change they've made and until then its been 
close to 100%. I think anyone running a version older than 1.1.0 will have 
bigger problems then not being able to run heron with ssl but assuming the 
methods that we're using are still in that version it *should* just work. 
   
   I am working on getting this change into our production environment now so i 
will hopefully have some metrics to share with you soon regarding any 
performance impact, etc. I have tested this out extensively locally and 
confirmed that the data is transferred over ssl when a certificate key and path 
are supplied through heron_internals.yaml

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to