Re: [PR] [FLINK-39022][security] Set security.ssl.algorithms default value to modern cipher suite [flink]

via GitHub Thu, 05 Feb 2026 14:07:30 -0800


balassai commented on code in PR #27514:
URL: https://github.com/apache/flink/pull/27514#discussion_r2771358818



##########
flink-runtime/src/test/java/org/apache/flink/runtime/net/SSLUtilsTest.java:
##########
@@ -523,11 +511,6 @@ public static String getRestCertificateFingerprint(
     private static void addSslProviderConfig(Configuration config, String 
sslProvider) {
         if (sslProvider.equalsIgnoreCase("OPENSSL")) {
             OpenSsl.ensureAvailability();
-
-            // Flink's default algorithm set is not available for openSSL - 
choose a different one:

Review Comment:
   TLSv1.2 is the default for security.ssl.protocol it and 
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is 
the new default value of security.ssl algorithm, therefore it is safe to remove 
here.
   https://docs.openssl.org/1.0.2/man1/ciphers/#tls-v12-cipher-suites



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] [FLINK-39022][security] Set security.ssl.algorithms default value to modern cipher suite [flink]

Reply via email to