[
https://issues.apache.org/jira/browse/FLINK-9878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16585836#comment-16585836
]
ASF GitHub Bot commented on FLINK-9878:
---------------------------------------
NicoK commented on a change in pull request #6355: [FLINK-9878][network][ssl]
add more low-level ssl options
URL: https://github.com/apache/flink/pull/6355#discussion_r211235957
##########
File path:
flink-runtime/src/test/java/org/apache/flink/runtime/io/network/netty/NettyClientServerSslTest.java
##########
@@ -65,6 +68,60 @@ public void testValidSslConnection() throws Exception {
Channel ch = NettyTestUtil.connect(serverAndClient);
+ SslHandler sslHandler = (SslHandler) ch.pipeline().get("ssl");
+ assertTrue("default value should not be propagated",
sslHandler.getHandshakeTimeoutMillis() >= 0);
+ assertTrue("default value should not be propagated",
sslHandler.getCloseNotifyTimeoutMillis() >= 0);
+
+ // should be able to send text data
+ ch.pipeline().addLast(new StringDecoder()).addLast(new
StringEncoder());
+ assertTrue(ch.writeAndFlush("test").await().isSuccess());
+
+ NettyTestUtil.shutdown(serverAndClient);
+ }
+
+ /**
+ * Verify valid (advanced) ssl configuration and connection.
+ */
+ @Test
+ public void testValidSslConnectionAdvanced() throws Exception {
Review comment:
Actually, I found a way to verify that these two properties are also set -
will update the test.
Do you think, a benchmark should be included in this PR or rather separately
(it is not really related to these changes)? Also: only in `master`?
About the `taskmanager.netty.client` prefix: that sounds like a nice idea
and could probably be extended to similar use cases with component-specific
configurations. If you think, it's worth pursuing, can you open a JIRA ticket
for this improvement?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> IO worker threads BLOCKED on SSL Session Cache while CMS full gc
> ----------------------------------------------------------------
>
> Key: FLINK-9878
> URL: https://issues.apache.org/jira/browse/FLINK-9878
> Project: Flink
> Issue Type: Bug
> Components: Network
> Affects Versions: 1.5.0, 1.5.1, 1.6.0
> Reporter: Nico Kruber
> Assignee: Nico Kruber
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.6.1, 1.7.0, 1.5.4
>
>
> According to https://github.com/netty/netty/issues/832, there is a JDK issue
> during garbage collection when the SSL session cache is not limited. We
> should allow the user to configure this and further (advanced) SSL parameters
> for fine-tuning to fix this and similar issues. In particular, the following
> parameters should be configurable:
> - SSL session cache size
> - SSL session timeout
> - SSL handshake timeout
> - SSL close notify flush timeout
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
