gaborgsomogyi commented on code in PR #27514:
URL: https://github.com/apache/flink/pull/27514#discussion_r2769713423
##########
flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java:
##########
@@ -498,19 +498,20 @@ public static Configuration forProvider(Configuration
configuration, String prov
* The standard SSL algorithms to be supported.
*
* <p>More options here -
- *
http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
+ *
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
*/
@Documentation.Section(Documentation.Sections.SECURITY_SSL)
public static final ConfigOption<String> SSL_ALGORITHMS =
key("security.ssl.algorithms")
.stringType()
- .defaultValue("TLS_RSA_WITH_AES_128_CBC_SHA")
+ .defaultValue(
+
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
Review Comment:
Adding such warnig is fair point but I don't understand how do you plan to
do that phisically. The latest RFC suggests 4 suites. If the user add
stronger/weaker than the suggested then how do you decide from Flink code
whether we should give a warning or not? If you can highlight the logic then I
would buy that.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
