[jira] [Commented] (FLINK-3931) Implement Transport Encryption (SSL/TLS)

Thu, 06 Oct 2016 09:53:41 -0700 

    [ 
https://issues.apache.org/jira/browse/FLINK-3931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15552474#comment-15552474
 ] 

ASF GitHub Bot commented on FLINK-3931:
---------------------------------------

Github user mxm commented on a diff in the pull request:

    https://github.com/apache/flink/pull/2518#discussion_r82211018
  
    --- Diff: docs/setup/config.md ---
    @@ -140,6 +140,8 @@ will be used under the directory specified by 
jobmanager.web.tmpdir.
     
     - `blob.server.port`: Port definition for the blob server (serving user 
jar's) on the Taskmanagers. By default the port is set to 0, which means that 
the operating system is picking an ephemeral port. Flink also accepts a list of 
ports ("50100,50101"), ranges ("50100-50200") or a combination of both. It is 
recommended to set a range of ports to avoid collisions when multiple 
JobManagers are running on the same machine.
     
    +- `blob.service.ssl.enabled`: Flag to enable ssl for the blob 
client/server communication. This is applicable only when the global ssl flag 
security.ssl.enabled is set to true (DEFAULT: true).
    --- End diff --
    
    Do we really need a switch for this? If we have `security.ssl.enabled` set 
to `true`, then this should always be enabled.


> Implement Transport Encryption (SSL/TLS)
> ----------------------------------------
>
>                 Key: FLINK-3931
>                 URL: https://issues.apache.org/jira/browse/FLINK-3931
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Suresh Krishnappa
>              Labels: security
>   Original Estimate: 1,008h
>  Remaining Estimate: 1,008h
>
> _This issue is part of a series of improvements detailed in the [Secure Data 
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
>  design doc._
> To assure privacy and data integrity between Flink components, enable TLS for 
> all communication channels.  As described in the design doc:
> - Accept a configured certificate or generate a certificate.
> - Enable Akka SSL
> - Implement Data Transfer SSL
> - Implement Blob Server SSL
> - Implement Web UI HTTPS



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to