gaborgsomogyi commented on code in PR #27514:
URL: https://github.com/apache/flink/pull/27514#discussion_r2769443722


##########
flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java:
##########
@@ -498,19 +498,20 @@ public static Configuration forProvider(Configuration 
configuration, String prov
      * The standard SSL algorithms to be supported.
      *
      * <p>More options here -
-     * 
http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
+     * 
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
      */
     @Documentation.Section(Documentation.Sections.SECURITY_SSL)
     public static final ConfigOption<String> SSL_ALGORITHMS =
             key("security.ssl.algorithms")
                     .stringType()
-                    .defaultValue("TLS_RSA_WITH_AES_128_CBC_SHA")
+                    .defaultValue(
+                            
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
                     .withDescription(
                             Description.builder()
                                     .text(
                                             "The comma separated list of 
standard SSL algorithms to be supported. Read more %s",
                                             link(
-                                                    
"http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites";,
+                                                    
"https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html";,
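Review bot: The new default in `.defaultValue(...)` lists only `TLS_ECDHE_RSA_*` suites, so a deployment that relies on the default and whose keystore holds a non-RSA key (for example EC) would have no suite it can negotiate. The description text still reads only "The comma separated list of standard SSL algorithms to be supported" and mentions neither that constraint nor the move away from `TLS_RSA_WITH_AES_128_CBC_SHA`. Consider stating in the description that the default assumes an RSA certificate, and calling out the changed default in the release notes, since a peer explicitly configured with the old suite will no longer share a suite with a peer on the new default. Separately, both replaced links drop the `#ciphersuites` fragment, so the reader lands at the top of the standard names page instead of at the cipher suite list; point the link at the cipher suite section if the Java 17 page exposes an anchor for it.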

Review Comment:
   I would vote for Java 11 because that's the minimal supported Flink version. 
The default cipher is always the lowest/available but secure enough, so I don't 
see a reason to extend it. Any user can upgrade voluntarily by changing it.


