SSL
Scenarios
When a secure Flink cluster is required, the SSL-related configuration items must be set.
Configuration Description
Configuration items include the SSL switch, certificate, password, and encryption algorithm.
For versions earlier than MRS 3.x, see Table 1.
Parameter | Mandatory | Default Value | Description |
---|---|---|---|
security.ssl.internal.enabled | Yes | The value is automatically configured according to the cluster installation mode. | Main switch of internal communication SSL. |
security.ssl.internal.keystore | Yes | - | Java keystore file. |
security.ssl.internal.keystore-password | Yes | - | Password used to decrypt the keystore file. |
security.ssl.internal.key-password | Yes | - | Password used to decrypt the server key in the keystore file. |
security.ssl.internal.truststore | Yes | - | Truststore file containing the public CA certificates. |
security.ssl.internal.truststore-password | Yes | - | Password used to decrypt the truststore file. |
security.ssl.protocol | Yes | TLSv1.2 | SSL transmission protocol version. |
security.ssl.algorithms | Yes | The default value is TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256. | Supported SSL standard algorithm. For details, see the Java official website: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. |
security.ssl.rest.enabled | Yes | The value is automatically configured according to the cluster installation mode. | Main switch of external communication SSL. |
security.ssl.rest.keystore | Yes | - | Java keystore file. |
security.ssl.rest.keystore-password | Yes | - | Password used to decrypt the keystore file. |
security.ssl.rest.key-password | Yes | - | Password used to decrypt the server key in the keystore file. |
security.ssl.rest.truststore | Yes | - | Truststore file containing the public CA certificates. |
security.ssl.rest.truststore-password | Yes | - | Password used to decrypt the truststore file. |
For configuration items for MRS 3.x or later, see Table 2.
Parameter | Description | Default Value | Mandatory |
---|---|---|---|
security.ssl.enabled | Main switch of internal communication SSL. | The value is automatically configured according to the cluster installation mode. | Yes |
security.ssl.keystore | Java keystore file. | - | Yes |
security.ssl.keystore-password | Password used to decrypt the keystore file. | - | Yes |
security.ssl.key-password | Password used to decrypt the server key in the keystore file. | - | Yes |
security.ssl.truststore | Truststore file containing the public CA certificates. | - | Yes |
security.ssl.truststore-password | Password used to decrypt the truststore file. | - | Yes |
security.ssl.protocol | SSL transmission protocol version. | TLSv1.2 | Yes |
security.ssl.algorithms | Supported SSL standard algorithm. For details, see the Java official website: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. | The default value: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" | Yes |
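The following check is an added example, not part of the original page or of the product's own tooling. It confirms that the mandatory MRS 3.x items are present and flags cipher suites in security.ssl.algorithms that use static RSA key exchange or CBC mode, as the default list for versions earlier than MRS 3.x does. It assumes the items are stored as `key: value` lines, as in Flink's flink-conf.yaml; the sample configuration, its paths and the function names are constructed for illustration.

```python
# Added example: audit Flink SSL items (MRS 3.x key names from the table above).
REQUIRED_KEYS = [
    "security.ssl.enabled", "security.ssl.keystore",
    "security.ssl.keystore-password", "security.ssl.key-password",
    "security.ssl.truststore", "security.ssl.truststore-password",
    "security.ssl.protocol", "security.ssl.algorithms",
]
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # JSSE names older than TLSv1.2

# Constructed sample (assumed "key: value" layout); not from a real cluster.
SAMPLE = """\
security.ssl.enabled: true
security.ssl.keystore: /path/to/flink.keystore
security.ssl.keystore-password: <placeholder>
security.ssl.key-password: <placeholder>
security.ssl.truststore: /path/to/flink.truststore
security.ssl.protocol: TLSv1.1
security.ssl.algorithms: TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def audit(conf):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = [f"missing mandatory item: {k}" for k in REQUIRED_KEYS if not conf.get(k)]
    if conf.get("security.ssl.enabled", "true").lower() != "true":
        findings.append("security.ssl.enabled is not true: SSL is switched off")
    if conf.get("security.ssl.protocol") in WEAK_PROTOCOLS:
        findings.append(f"{conf['security.ssl.protocol']}: protocol older than TLSv1.2")
    for suite in conf.get("security.ssl.algorithms", "").split(","):
        suite = suite.strip()
        if suite.startswith("TLS_RSA_"):
            findings.append(f"{suite}: static RSA key exchange, no forward secrecy")
        if "_CBC_" in suite:
            findings.append(f"{suite}: CBC mode, not an AEAD suite")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE)):
        print(finding)
```

On the constructed sample the check reports the missing truststore password, the TLSv1.1 protocol setting, and two findings for TLS_RSA_WITH_AES_128_CBC_SHA256.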