Hi Vinay,

This looks like a bug. Would you mind creating a Jira ticket [1] for this issue?

Thank you very much,
Fabian

[1] https://issues.apache.org/jira/projects/FLINK

2018-06-21 9:25 GMT+02:00 Vinay Patil <vinay18.pa...@gmail.com>:

> Hi,
>
> I have deployed Flink 1.3.2 and enabled SSL settings. From the ssl debug
> logs it shows that Flink is using TLSv1.2. However based on the security
> scans we have observed that it also allows TLSv1.0 and TLSv1.1.
>
> In order to strictly use TLSv1.2 we have updated the following property of
> java.security file:
>
> jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, TLSv1, TLSv1.1
>
> But still it allows TLSv1.1, verified this by hitting the following
> command from master node:
>
> openssl s_client -connect taskmanager1:<listening_address_port> -tls1
>
> (here listening_address_port is part of
> akka.ssl.tcp://flink@taskmanager1:port/user/taskmanager)
>
> Now, when I hit the above command for the data port, it does not allow
> TLSv1.1 and only allows TLSv1.2
>
> Can you please let me know how can I enforce all the flink ports to use
> TLSv1.2.
>
> Regards,
> Vinay Patil
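
The per-port check described in the quoted message can be repeated for every endpoint and protocol version in one pass. The script below is an added example, not part of the original thread; the function names and the tab-separated report format are assumptions made for illustration, and the endpoints are passed as `host:port` arguments.

```shell
#!/bin/sh
# Added example: report which TLS versions each endpoint accepts.
# Usage: sh tls_audit.sh taskmanager1:<akka_port> taskmanager1:<data_port>

# Read `openssl s_client` output on stdin and classify the handshake.
# A completed handshake names a cipher; a failed one prints "Cipher is (NONE)".
handshake_result() {
    awk '
        /Cipher is \(NONE\)/ { none = 1 }
        /Cipher is /         { seen = 1 }
        END { if (seen && !none) print "accepted"; else print "rejected" }'
}

# Probe one host:port with each protocol flag; emit endpoint<TAB>flag<TAB>result.
# Caveat: if the local openssl build or its policy refuses TLS 1.0/1.1 itself,
# the result is "rejected" regardless of what the server would accept.
probe_endpoint() {
    endpoint=$1
    for flag in tls1 tls1_1 tls1_2; do
        result=$(openssl s_client -connect "$endpoint" "-$flag" \
                     </dev/null 2>&1 | handshake_result)
        printf '%s\t%s\t%s\n' "$endpoint" "$flag" "$result"
    done
}

# Filter a report down to the rows that violate a TLSv1.2-only policy.
legacy_accepted() {
    awk -F '\t' '$2 != "tls1_2" && $3 == "accepted"'
}

# Run the audit only when endpoints are given on the command line.
if [ "$#" -gt 0 ]; then
    report=$(for ep in "$@"; do probe_endpoint "$ep"; done)
    printf '%s\n' "$report"
    if printf '%s\n' "$report" | legacy_accepted | grep -q .; then
        echo "FAIL: at least one endpoint accepts TLS older than 1.2" >&2
        exit 1
    fi
fi
```

A non-zero exit status means some endpoint still negotiated TLSv1.0 or TLSv1.1, which makes the script usable as a deployment gate after changing `jdk.tls.disabledAlgorithms`.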