balassai opened a new pull request, #27491:
URL: https://github.com/apache/flink/pull/27491
This commit addresses cryptographic compatibility issues on modern JDK
versions (e.g., JDK 17.0.18+) by upgrading hashing algorithms and SSL cipher
suites.
Changes:
1. BlobKey Migration:
- Replaced SHA-1 with SHA-256 in BlobUtils for generating blob keys.
- Increased BlobKey.SIZE from 20 bytes to 32 bytes to accommodate the
larger hash digest.
- SHA-1 is increasingly restricted in modern environments; this ensures
the BlobServer remains compliant with stricter security policies.
2. SSL Test Updates:
- Updated SSLUtilsTest, BlobClientSslTest, RpcSSLAuthITCase, and
RestServerSSLAuthITCase.
- Replaced legacy cipher suites (TLS_RSA_WITH_AES_128_CBC_SHA) with
stronger, modern alternatives (e.g., TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256).
- This fixes handshake failures in tests where legacy algorithms are
disabled by the default security provider.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
