[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[jira] [Created] (FLINK-9437) Revert cypher suite update

Till Rohrmann created FLINK-9437:

             Summary: Revert cypher suite update
                 Key: FLINK-9437
                 URL: https://issues.apache.org/jira/browse/FLINK-9437
             Project: Flink
          Issue Type: Bug
          Components: Security
    Affects Versions: 1.5.0
            Reporter: Till Rohrmann
             Fix For: 1.5.1

The changes of FLINK-9310 causes Flink to fail when sending data between {{TaskManagers}} as reported by a user [1]. The problem seems to be that Netty's {{SslHandler}} (v4.0.27) tries to allocate heap buffers when using a GCM enabled cypher suite. However, since we explicitly prohibit the allocation of heap buffers it fails. In later Netty versions, this behaviour seems to be fixed.

I propose to revert the changes of FLINK-9310 and set the default cypher algorithm to {{TLS_RSA_WITH_AES_128_CBC_SHA}}.

[1] http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Flink-1-5-Job-fails-to-execute-in-multiple-taskmanagers-parallelism-gt-1-td22467.html

This message was sent by Atlassian JIRA