[jira] [Commented] (FLINK-5981) SSL version and ciper suites cannot be constrained as configured

Tue, 07 Mar 2017 04:11:02 -0800 

    [ 
https://issues.apache.org/jira/browse/FLINK-5981?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15899343#comment-15899343
 ] 

ASF GitHub Bot commented on FLINK-5981:
---------------------------------------

GitHub user WangTaoTheTonic opened a pull request:

    https://github.com/apache/flink/pull/3486

    [FLINK-5981][SECURITY]make ssl version and cipher suites work as configured

    I configured ssl and start flink job, but found configured properties 
cannot apply properly:
    ```
    akka port: only ciper suites apply right, ssl version not
    blob server/netty server: both ssl version and ciper suites are not like 
what I configured
    ```
    I've found out the reason why:
    
    http://stackoverflow.com/questions/11504173/sslcontext-initialization (for 
blob server and netty server)
    https://groups.google.com/forum/#!topic/akka-user/JH6bGnWE8kY(for akka ssl 
version, it's fixed in akka 2.4:https://github.com/akka/akka/pull/21078)
    
    Configs:
    ```
    security.ssl.protocol: TLSv1.1
    
    security.ssl.algorithms: TLS_RSA_WITH_AES_128_CBC_SHA
    ```
    **The scan results before:**
    
![before_blob_server](https://cloud.githubusercontent.com/assets/5276001/23655830/d37eb680-0371-11e7-952c-4a6514b1c42b.JPG)
    **The scan results after fix:**
    
![after_blob_server](https://cloud.githubusercontent.com/assets/5276001/23655841/dfc09da0-0371-11e7-8486-bc807e877dff.JPG)

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/WangTaoTheTonic/flink FLINK-5981

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/flink/pull/3486.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3486
    
----
commit c75c2e3f38e0a856ead1316223ad3d81061e4252
Author: WangTaoTheTonic <[email protected]>
Date:   2017-03-07T12:05:21Z

    make ssl version and cipher suites work as configured

----


> SSL version and ciper suites cannot be constrained as configured
> ----------------------------------------------------------------
>
>                 Key: FLINK-5981
>                 URL: https://issues.apache.org/jira/browse/FLINK-5981
>             Project: Flink
>          Issue Type: Bug
>          Components: Security
>            Reporter: Tao Wang
>            Assignee: Tao Wang
>
> I configured ssl and start flink job, but found configured properties cannot 
> apply properly:
> akka port: only ciper suites apply right, ssl version not
> blob server/netty server: both ssl version and ciper suites are not like what 
> I configured
> I've found out the reason why:
> http://stackoverflow.com/questions/11504173/sslcontext-initialization (for 
> blob server and netty server)
> https://groups.google.com/forum/#!topic/akka-user/JH6bGnWE8kY(for akka ssl 
> version, it's fixed in akka 2.4:https://github.com/akka/akka/pull/21078)
> I'll fix the issue on blob server and netty server, and it seems like only 
> upgrade for akka can solve issue in akka side(we'll consider later as upgrade 
> is not a small action).



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to