Great, thank you! 2018-06-22 10:16 GMT+02:00 Vinay Patil <vinay18.pa...@gmail.com>:
> Hi Fabian, > > Created a JIRA ticket : https://issues.apache.org/jira/browse/FLINK-9643 > > Regards, > Vinay Patil > > > On Fri, Jun 22, 2018 at 1:25 PM Fabian Hueske <fhue...@gmail.com> wrote: > >> Hi Vinay, >> >> This looks like a bug. >> Would you mind creating a Jira ticket [1] for this issue? >> >> Thank you very much, >> Fabian >> >> [1] https://issues.apache.org/jira/projects/FLINK >> >> 2018-06-21 9:25 GMT+02:00 Vinay Patil <vinay18.pa...@gmail.com>: >> >>> Hi, >>> >>> I have deployed Flink 1.3.2 and enabled SSL settings. From the ssl debug >>> >>> logs it shows that Flink is using TLSv1.2. However based on the security >>> >>> scans we have observed that it also allows TLSv1.0 and TLSv1.1. >>> >>> In order to strictly use TLSv1.2 we have updated the following property >>> of >>> java.security file: >>> jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, TLSv1, >>> TLSv1.1 >>> >>> But still it allows TLSv1.1 , verified this by hitting the following >>> command >>> from master node: >>> >>> openssl s_client -connect taskmanager1:<listening_address_port> -tls1 >>> >>> (here listening_address_port is part of >>> akka.ssl.tcp://flink@taskmanager1:port/user/taskmanager) >>> >>> Now, when I hit the above command for the data port, it does not allow >>> TLSv1.1 and only allows TLSv1.2 >>> >>> Can you please let me know how can I enforce all the flink ports to use >>> TLSv1.2. >>> >>> Regards, >>> Vinay Patil >>> >> >>
