[ https://issues.apache.org/jira/browse/FLINK-9643?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Viktor Vlasov updated FLINK-9643:
---------------------------------
    Attachment: test.png

> Flink allowing TLS 1.1 in spite of configuring TLS 1.2
> ------------------------------------------------------
>
>                 Key: FLINK-9643
>                 URL: https://issues.apache.org/jira/browse/FLINK-9643
>             Project: Flink
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 1.3.2
>            Reporter: Vinay
>            Assignee: Viktor Vlasov
>            Priority: Major
>         Attachments: result.csv, result_2.csv, test.png
>
>
> I have deployed Flink 1.3.2 and enabled SSL settings. From the ssl debug logs it shows that Flink is using TLSv1.2. However based on the security scans we have observed that it also allows TLSv1.0 and TLSv1.1.
>
> In order to strictly use TLSv1.2 we have updated the following property of java.security file:
> jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, TLSv1, TLSv1.1
> But still it allows TLSv1.1, verified this by hitting the following command from master node:
> openssl s_client -connect taskmanager1:<listening_address_port> -tls1
> (here listening_address_port is part of akka.ssl.tcp://flink@taskmanager1:port/user/taskmanager)
> Now, when I hit the above command for the data port, it does not allow TLSv1.1 and only allows TLSv1.2

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
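
Added example (not part of the issue and not Flink code): the report tests one port with one `openssl s_client` flag, so this sketch repeats the same handshake check for every listener and every protocol version and lists the ones accepted outside the allowed set. The listener names `akka` and `data`, the port numbers, and `SAMPLE` are constructed placeholders; it assumes the listeners do not require a client certificate.

```python
import socket
import ssl

# Versions to probe, paired with whether the local OpenSSL build can speak them.
VERSIONS = {
    "TLSv1": (ssl.TLSVersion.TLSv1, ssl.HAS_TLSv1),
    "TLSv1.1": (ssl.TLSVersion.TLSv1_1, ssl.HAS_TLSv1_1),
    "TLSv1.2": (ssl.TLSVersion.TLSv1_2, ssl.HAS_TLSv1_2),
}

def probe(host, port, label, timeout=3.0):
    """Try one handshake pinned to a single protocol version."""
    version, supported = VERSIONS[label]
    if not supported:
        return "client-unsupported"  # this machine cannot test that version
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with sock:
        try:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname = False  # protocol check only, not a trust check
            ctx.verify_mode = ssl.CERT_NONE
            ctx.minimum_version = ctx.maximum_version = version
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let OpenSSL 3 offer TLS 1.0/1.1
        except (ValueError, ssl.SSLError):
            return "client-unsupported"
        try:
            with ctx.wrap_socket(sock) as tls:
                return "accepted" if tls.version() == label else "rejected"
        except OSError:  # TLS alert, reset or timeout during the handshake
            return "rejected"

def audit(listeners, allowed=("TLSv1.2",), probe_fn=probe):
    """Return sorted (listener, version) pairs accepted outside the allowed set."""
    return sorted(
        (name, label)
        for name, (host, port) in listeners.items()
        for label in VERSIONS
        if label not in allowed and probe_fn(host, port, label) == "accepted"
    )

# Constructed sample: ports are placeholders; outcomes loosely mirror the report.
LISTENERS = {"akka": ("taskmanager1", 40001), "data": ("taskmanager1", 40002)}
SAMPLE = {40001: {"TLSv1", "TLSv1.1", "TLSv1.2"}, 40002: {"TLSv1.2"}}

def sample_probe(host, port, label):
    """Offline stand-in for probe() that replays SAMPLE."""
    return "accepted" if label in SAMPLE[port] else "rejected"
```

Against a live cluster, call `audit()` with the real listener ports and the default `probe_fn`. A `client-unsupported` result means the local OpenSSL build could not offer that version, so it says nothing about the server.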