[hotfix] [security] Reduce logging verbosity for SSLUtils
Project: http://git-wip-us.apache.org/repos/asf/flink/repo Commit: http://git-wip-us.apache.org/repos/asf/flink/commit/6f93352b Tree: http://git-wip-us.apache.org/repos/asf/flink/tree/6f93352b Diff: http://git-wip-us.apache.org/repos/asf/flink/diff/6f93352b Branch: refs/heads/table-retraction Commit: 6f93352b78ee019388b8e8a4684730d61549f786 Parents: bad7e0b Author: Stephan Ewen <se...@apache.org> Authored: Sat Apr 29 17:40:30 2017 +0200 Committer: Stephan Ewen <se...@apache.org> Committed: Tue May 2 22:49:46 2017 +0200 ---------------------------------------------------------------------- .../org/apache/flink/runtime/net/SSLUtils.java | 26 +++++++++++++------- 1 file changed, 17 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/flink/blob/6f93352b/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java ---------------------------------------------------------------------- diff --git a/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java b/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java index 5bafeb8..2267eac 100644 --- a/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java +++ b/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java @@ -18,10 +18,10 @@ package org.apache.flink.runtime.net; - import org.apache.flink.configuration.ConfigConstants; import org.apache.flink.configuration.Configuration; import org.apache.flink.util.Preconditions; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -35,6 +35,7 @@ import java.io.File; import java.io.FileInputStream; import java.net.ServerSocket; import java.security.KeyStore; +import java.util.Arrays; /** * Common utilities to manage SSL transport settings @@ -66,14 +67,21 @@ public class SSLUtils { */ public static void setSSLVerAndCipherSuites(ServerSocket socket, Configuration config) { if (socket instanceof SSLServerSocket) { - ((SSLServerSocket) socket).setEnabledProtocols(config.getString( - ConfigConstants.SECURITY_SSL_PROTOCOL, - ConfigConstants.DEFAULT_SECURITY_SSL_PROTOCOL).split(",")); - ((SSLServerSocket) socket).setEnabledCipherSuites(config.getString( - ConfigConstants.SECURITY_SSL_ALGORITHMS, - ConfigConstants.DEFAULT_SECURITY_SSL_ALGORITHMS).split(",")); - } else { - LOG.warn("Not a SSL socket, will skip setting tls version and cipher suites."); + final String[] protocols = config.getString( + ConfigConstants.SECURITY_SSL_PROTOCOL, + ConfigConstants.DEFAULT_SECURITY_SSL_PROTOCOL).split(","); + + final String[] cipherSuites = config.getString( + ConfigConstants.SECURITY_SSL_ALGORITHMS, + ConfigConstants.DEFAULT_SECURITY_SSL_ALGORITHMS).split(","); + + if (LOG.isDebugEnabled()) { + LOG.debug("Configuring TLS version and cipher suites on SSL socket {} / {}", + Arrays.toString(protocols), Arrays.toString(cipherSuites)); + } + + ((SSLServerSocket) socket).setEnabledProtocols(protocols); + ((SSLServerSocket) socket).setEnabledCipherSuites(cipherSuites); } }