pnowojski commented on a change in pull request #7688: [FLINK-9816][network]
add option to configure SSL engine provider for TM communication
URL: https://github.com/apache/flink/pull/7688#discussion_r280772939
##########
File path:
flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java
##########
@@ -299,6 +300,26 @@
.defaultValue(true)
.withDescription("Flag to enable peer’s hostname
verification during ssl handshake.");
+ /**
+ * SSL engine provider.
+ */
+ public static final ConfigOption<String> SSL_PROVIDER =
+ key("security.ssl.provider")
+ .defaultValue("JDK")
+ .withDescription(Description.builder()
+ .text("The SSL engine provider to use
for the ssl transport:")
+ .list(
+ TextElement.text("%s: default
Java-based SSL engine", TextElement.code("JDK")),
+ TextElement.text("%s:
openSSL-based SSL engine using system libraries"
+ + " (falls back to JDK
if not available)", TextElement.code("OPENSSL"))
Review comment:
It would be safer to fail instead of fall back if users specifies the
openSSL explicitly.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
