GitHub user StephanEwen opened a pull request:
https://github.com/apache/flink/pull/5965
[FLINK-9310] [security] Update standard cipher suites for secure mode
## What is the purpose of the change
This sets the cipher suits accepted by default to those recommended in
IETF RFC 7525 : https://tools.ietf.org/html/rfc7525
## Brief change log
Updates the default value of the respective config option to
```
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
```
## Verifying this change
This change is already covered by the existing tests that test SSL setups.
## Does this pull request potentially affect one of the following parts:
- Dependencies (does it add or upgrade a dependency): (yes / **no**)
- The public API, i.e., is any changed class annotated with
`@Public(Evolving)`: (yes / **no**)
- The serializers: (yes / **no** / don't know)
- The runtime per-record code paths (performance sensitive): (yes /
**no** / don't know)
- Anything that affects deployment or recovery: JobManager (and its
components), Checkpointing, Yarn/Mesos, ZooKeeper: (yes / **no** / don't know)
- The S3 file system connector: (yes / **no** / don't know)
## Documentation
- Does this pull request introduce a new feature? (yes / **no**)
- If yes, how is the feature documented? (not applicable / **docs** /
JavaDocs / not documented)
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/StephanEwen/incubator-flink
update_cipher_suits
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/flink/pull/5965.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #5965
commit 9b24574cd437ddbc2d3546c1fa0f73e983c02e31
Author: Stephan Ewen
Date: 2018-05-07T17:47:00Z
[FLINK-9310] [security] Update standard cipher suites for secure mode
This sets the cipher suits accepted by default to those recommended in
IETF RFC 7525 : https://tools.ietf.org/html/rfc7525
---