[ https://issues.apache.org/jira/browse/FLINK-9424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16542681#comment-16542681 ]

ASF GitHub Bot commented on FLINK-9424:
---------------------------------------

GitHub user StephanEwen opened a pull request:

    https://github.com/apache/flink/pull/6324

    [FLINK-9424] [security] Set default cipher suite to a more compatible cipher suite

    ## What is the purpose of the change
    
    This reverts "[FLINK-9310] [security] Update standard cipher suites for secure mode"
    
    The upgraded ciphers are not yet supported on all platforms and JDK versions, making
    the getting-started process rough. Instead, we document our recommendation to set these
    values in the configuration.
    
    ## Brief change log
    
      - Reverts "[FLINK-9310] [security] Update standard cipher suites for secure mode"
      - Add docs to manually configure the stronger cipher suites
    
    ## Documentation
    
    Adds a section to the SSL docs.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/StephanEwen/incubator-flink downgrade_ciphers

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/flink/pull/6324.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #6324
    
----
commit 37abf46f6030b6404707958e5a3a3fae0051dbea
Author: Stephan Ewen <sewen@...>
Date:   2018-07-13T07:31:18Z

    [FLINK-9424] [security] Set default cipher suite to a more compatible cipher suite.
    
    The upgraded ciphers are not yet supported on all platforms and JDK versions, making
    the getting-started process rough. Instead, we document our recommendation to set these
    values in the configuration.
    
    This reverts "[FLINK-9310] [security] Update standard cipher suites for secure mode"

----


> BlobClientSslTest does not work in all environments
> ---------------------------------------------------
>
>                 Key: FLINK-9424
>                 URL: https://issues.apache.org/jira/browse/FLINK-9424
>             Project: Flink
>          Issue Type: Test
>          Components: Distributed Coordination, Tests
>    Affects Versions: 1.5.0
>            Reporter: Timo Walther
>            Priority: Major
>              Labels: pull-request-available
>
> It seems that the {{BlobClientSslTest}} assumes SSL algorithms that are not 
> present in every environment. Thus, they cause the Flink build to fail. It 
> also affects {{NettyClientServerSslTest}}.
> Environment:
> {code}
> Apache Maven 3.5.3 (3383c37e1f9e9b3bc3df5050c29c8aff9f295297; 2018-02-24T20:49:05+01:00)
> Maven home: /usr/local/Cellar/maven/3.5.3/libexec
> Java version: 1.8.0_102, vendor: Oracle Corporation
> Java home: /Library/Java/JavaVirtualMachines/jdk1.8.0_102.jdk/Contents/Home/jre
> Default locale: en_US, platform encoding: UTF-8
> OS name: "mac os x", version: "10.13.3", arch: "x86_64", family: "mac"
> {code}
> Exception:
> {code}
> java.lang.IllegalArgumentException: Cannot support TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 with currently installed providers
>       at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
>       at sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(SSLServerSocketImpl.java:200)
>       at org.apache.flink.runtime.net.SSLUtils.setSSLVerAndCipherSuites(SSLUtils.java:84)
>       at org.apache.flink.runtime.blob.BlobServer.<init>(BlobServer.java:207)
>       at org.apache.flink.runtime.blob.BlobClientSslTest.startSSLServer(BlobClientSslTest.java:65)
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
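
The pull request above leaves stronger cipher suites to manual configuration because not every JDK supports them. As an added example (not part of the original message and not Flink's code), this stand-alone Java check reports which configured suites the running JVM's providers cannot support, before `setEnabledCipherSuites` throws the exception quoted in the issue. The class name, the `unsupported` helper and the sample suite list are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class CipherSuiteCheck {

    /** Returns the requested suites that the installed providers cannot support. */
    static List<String> unsupported(String[] requested, String[] supportedByJvm) {
        Set<String> supported = new HashSet<>(Arrays.asList(supportedByJvm));
        List<String> missing = new ArrayList<>();
        for (String suite : requested) {
            if (!supported.contains(suite.trim())) {
                missing.add(suite.trim());
            }
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a comma-separated suite list as it might appear in a config value.
        // The first suite is the one named in the stack trace above; the second is a constructed
        // placeholder for another suite the operator wants enabled.
        String configured = args.length > 0 ? args[0]
                : "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA";

        // Everything the default context's providers can negotiate on this JVM.
        String[] supportedByJvm =
                SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();

        List<String> missing = unsupported(configured.split(","), supportedByJvm);
        if (!missing.isEmpty()) {
            // Fail at startup with the exact names instead of silently dropping suites,
            // which would weaken the configuration without the operator noticing.
            System.err.println("Unsupported on Java "
                    + System.getProperty("java.version") + ": " + missing);
            System.exit(1);
        }
        System.out.println("All configured cipher suites are supported on this JVM.");
    }
}
```

Running it on each JDK that will host a process gives a clear pass or fail for the configured list before TLS is enabled.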
