[ 
https://issues.apache.org/jira/browse/FLINK-33902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17798990#comment-17798990
 ] 

Matthias Pohl commented on FLINK-33902:
---------------------------------------

We could do it. But there's no real value in my opinion. We use this in a test 
case (there's no relevance functional-wise, as far as I understand). Therefore, 
it's also not really a security issue.

> Switch to OpenSSL legacy algorithms
> -----------------------------------
>
>                 Key: FLINK-33902
>                 URL: https://issues.apache.org/jira/browse/FLINK-33902
>             Project: Flink
>          Issue Type: Sub-task
>          Components: Build System
>    Affects Versions: 1.19.0
>            Reporter: Matthias Pohl
>            Priority: Major
>              Labels: github-actions
>
> In FLINK-33550 we discovered that the GHA runners provided by GitHub have a 
> newer version of OpenSSL installed which caused errors in the SSL tests:
> {code:java}
> Certificate was added to keystore
> Certificate was added to keystore
> Certificate reply was installed in keystore
> Error outputting keys and certificates
> 40F767F1D97F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
> Nov 14 15:39:21 [FAIL] Test script contains errors. {code}
> The workaround is to enable legacy algorithms using the {{-legacy}} parameter 
> in 3.0.0+. We might need to check whether that works for older OpenSSL 
> versions (in Azure CI).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
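
One way to handle the version caveat raised in the issue description, as an added example that is not part of the original message or of Flink's test scripts: pass `-legacy` only when `openssl version` reports OpenSSL 3.0.0 or later. The function names and the file names in the usage comment are hypothetical, and that the failing command is `openssl pkcs12` is an assumption based on the error text.

```shell
#!/bin/sh
# Added example: decide whether to pass -legacy, based on the output of
# `openssl version`. Function names are hypothetical.

# Print "-legacy" when the given version line is OpenSSL 3.0.0+,
# print nothing otherwise.
legacy_flag_for() {
    version_line=$1
    case $version_line in
        "OpenSSL "*) ;;           # only trust OpenSSL's own numbering
        *) return 0 ;;            # e.g. LibreSSL uses a different scheme
    esac
    # The second field is the version, e.g. 3.0.2 or 1.1.1f
    version=${version_line#"OpenSSL "}
    version=${version%% *}
    major=${version%%.*}
    case $major in
        ''|*[!0-9]*) return 0 ;;  # unparsable: stay conservative, no flag
    esac
    if [ "$major" -ge 3 ]; then
        printf '%s\n' "-legacy"
    fi
}

# Flag for the openssl binary on PATH (empty if openssl is missing).
detect_legacy_flag() {
    legacy_flag_for "$(openssl version 2>/dev/null || true)"
}

# Usage (file names are hypothetical); the substitution is left unquoted
# on purpose so that an empty result adds no argument:
#   openssl pkcs12 $(detect_legacy_flag) -in node.p12 -nokeys -out ca.pem
```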