SSL
Scenarios
When a secure Flink cluster is required, the SSL-related configuration items must be set.
Configuration Description
Configuration items include the SSL switch, certificate, password, and encryption algorithm.
For versions earlier than MRS 3.x, see Table 1.
| Parameter | Mandatory | Default Value | Description |
|---|---|---|---|
| security.ssl.internal.enabled | Yes | The value is automatically configured according to the cluster installation mode. | Main switch of internal communication SSL. |
| security.ssl.internal.keystore | Yes | - | Java keystore file. |
| security.ssl.internal.keystore-password | Yes | - | Password used to decrypt the keystore file. |
| security.ssl.internal.key-password | Yes | - | Password used to decrypt the server key in the keystore file. |
| security.ssl.internal.truststore | Yes | - | truststore file containing the public CA certificates. |
| security.ssl.internal.truststore-password | Yes | - | Password used to decrypt the truststore file. |
| security.ssl.protocol | Yes | TLSv1.2 | SSL transmission protocol version. |
| security.ssl.algorithms | Yes | The default value is TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256. | Supported SSL standard algorithm. For details, see the Java official website: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. |
| security.ssl.rest.enabled | Yes | The value is automatically configured according to the cluster installation mode. | Main switch of external communication SSL. |
| security.ssl.rest.keystore | Yes | - | Java keystore file. |
| security.ssl.rest.keystore-password | Yes | - | Password used to decrypt the keystore file. |
| security.ssl.rest.key-password | Yes | - | Password used to decrypt the server key in the keystore file. |
| security.ssl.rest.truststore | Yes | - | truststore file containing the public CA certificates. |
| security.ssl.rest.truststore-password | Yes | - | Password used to decrypt the truststore file. |
For configuration items for MRS 3.x or later, see Table 2.
| Parameter | Description | Default Value | Mandatory |
|---|---|---|---|
| security.ssl.enabled | Main switch of internal communication SSL. | The value is automatically configured according to the cluster installation mode. | Yes |
| security.ssl.keystore | Java keystore file. | - | Yes |
| security.ssl.keystore-password | Password used to decrypt the keystore file. | - | Yes |
| security.ssl.key-password | Password used to decrypt the server key in the keystore file. | - | Yes |
| security.ssl.truststore | truststore file containing the public CA certificates. | - | Yes |
| security.ssl.truststore-password | Password used to decrypt the truststore file. | - | Yes |
| security.ssl.protocol | SSL transmission protocol version. | TLSv1.2 | Yes |
| security.ssl.algorithms | Supported SSL standard algorithm. For details, see the Java official website: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. | The default value: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" | Yes |
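
The check below is an added example, not part of the MRS or Flink tooling: it audits a set of SSL settings against the mandatory items in Table 1 and Table 2 and flags cipher suites that use static RSA key exchange or CBC mode, which is the difference between the two default `security.ssl.algorithms` lists. It assumes the settings are stored as `key: value` lines; the function names and placeholder values are made up for the example.

```python
# Added example: audit Flink SSL settings against the parameter tables above.
ITEMS = ("enabled", "keystore", "keystore-password", "key-password",
         "truststore", "truststore-password")
PRE_3X = [f"security.ssl.{scope}.{k}" for scope in ("internal", "rest") for k in ITEMS]
PRE_3X += ["security.ssl.protocol", "security.ssl.algorithms"]
MRS_3X = [f"security.ssl.{k}" for k in ITEMS + ("protocol", "algorithms")]
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # JSSE names older than TLSv1.2

def parse_conf(text):
    """Parse 'key: value' lines (assumed layout); skip blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            conf[key.strip()] = value.strip().strip('"')
    return conf

def audit(text, mrs_3x=True):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf, findings = parse_conf(text), []
    for key in (MRS_3X if mrs_3x else PRE_3X):
        if not conf.get(key):
            findings.append(f"missing mandatory item: {key}")
        elif key.endswith(".enabled") and conf[key].lower() != "true":
            findings.append(f"SSL switched off: {key}")
    if conf.get("security.ssl.protocol") in LEGACY_PROTOCOLS:
        findings.append("protocol older than TLSv1.2")
    # Suite-name checks below apply to TLS 1.2 style names, as used on this page.
    for suite in conf.get("security.ssl.algorithms", "").split(","):
        suite = suite.strip()
        if not suite:
            continue
        if not suite.startswith(("TLS_DHE_", "TLS_ECDHE_")):
            findings.append(f"{suite}: static key exchange, no forward secrecy")
        if "_GCM_" not in suite and "CHACHA20_POLY1305" not in suite:
            findings.append(f"{suite}: CBC/non-AEAD suite")
    return findings

def sample(algorithms, mrs_3x=True):
    """Build a constructed config: placeholder paths/passwords, given suites."""
    keys = MRS_3X if mrs_3x else PRE_3X
    values = {"enabled": "true", "protocol": "TLSv1.2", "algorithms": algorithms}
    return "\n".join(f"{k}: {values.get(k.rsplit('.', 1)[1], 'PLACEHOLDER')}" for k in keys)

if __name__ == "__main__":
    old = ("TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,"
           "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256")
    print("\n".join(audit(sample(old, mrs_3x=False), mrs_3x=False)))
```

Run against the Table 2 default suites the audit returns no findings; run against the Table 1 defaults it flags all three suites as CBC and the `TLS_RSA_` suite as lacking forward secrecy.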