Hi Fabian, Created a JIRA ticket : https://issues.apache.org/jira/browse/FLINK-9643
Regards, Vinay Patil On Fri, Jun 22, 2018 at 1:25 PM Fabian Hueske <fhue...@gmail.com> wrote: > Hi Vinay, > > This looks like a bug. > Would you mind creating a Jira ticket [1] for this issue? > > Thank you very much, > Fabian > > [1] https://issues.apache.org/jira/projects/FLINK > > 2018-06-21 9:25 GMT+02:00 Vinay Patil <vinay18.pa...@gmail.com>: > >> Hi, >> >> I have deployed Flink 1.3.2 and enabled SSL settings. From the ssl debug >> logs it shows that Flink is using TLSv1.2. However based on the security >> scans we have observed that it also allows TLSv1.0 and TLSv1.1. >> >> In order to strictly use TLSv1.2 we have updated the following property of >> >> java.security file: >> jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, TLSv1, >> TLSv1.1 >> >> But still it allows TLSv1.1 , verified this by hitting the following >> command >> from master node: >> >> openssl s_client -connect taskmanager1:<listening_address_port> -tls1 >> >> (here listening_address_port is part of >> akka.ssl.tcp://flink@taskmanager1:port/user/taskmanager) >> >> Now, when I hit the above command for the data port, it does not allow >> TLSv1.1 and only allows TLSv1.2 >> >> Can you please let me know how can I enforce all the flink ports to use >> TLSv1.2. >> >> Regards, >> Vinay Patil >> > >
