[GitHub] flink pull request #5965: [FLINK-9310] [security] Update standard cipher sui...

2018-05-09 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/flink/pull/5965


---

[GitHub] flink pull request #5965: [FLINK-9310] [security] Update standard cipher sui...

2018-05-07 Thread StephanEwen 
GitHub user StephanEwen opened a pull request:

https://github.com/apache/flink/pull/5965

[FLINK-9310] [security] Update standard cipher suites for secure mode

## What is the purpose of the change

This sets the cipher suits accepted by default to those recommended in
IETF RFC 7525 : https://tools.ietf.org/html/rfc7525

## Brief change log

Updates the default value of the respective config option to
```

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
```

## Verifying this change

This change is already covered by the existing tests that test SSL setups.

## Does this pull request potentially affect one of the following parts:

  - Dependencies (does it add or upgrade a dependency): (yes / **no**)
  - The public API, i.e., is any changed class annotated with 
`@Public(Evolving)`: (yes / **no**)
  - The serializers: (yes / **no** / don't know)
  - The runtime per-record code paths (performance sensitive): (yes / 
**no** / don't know)
  - Anything that affects deployment or recovery: JobManager (and its 
components), Checkpointing, Yarn/Mesos, ZooKeeper: (yes / **no** / don't know)
  - The S3 file system connector: (yes / **no** / don't know)

## Documentation

  - Does this pull request introduce a new feature? (yes / **no**)
  - If yes, how is the feature documented? (not applicable / **docs** / 
JavaDocs / not documented)


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/StephanEwen/incubator-flink 
update_cipher_suits

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/flink/pull/5965.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #5965


commit 9b24574cd437ddbc2d3546c1fa0f73e983c02e31
Author: Stephan Ewen 
Date:   2018-05-07T17:47:00Z

[FLINK-9310] [security] Update standard cipher suites for secure mode

This sets the cipher suits accepted by default to those recommended in
IETF RFC 7525 : https://tools.ietf.org/html/rfc7525




---