SSL¶
Scenarios¶
When the secure Flink cluster is required, SSL-related configuration items must be set.
Configuration Description¶
Configuration items include the SSL switch, certificate, password, and encryption algorithm.
For versions earlier than MRS 3.x, see Table 1.
Parameter | Mandatory | Default Value | Description |
---|---|---|---|
security.ssl.internal.enabled | Yes | The value is automatically configured according to the cluster installation mode.
| Main switch of internal communication SSL. |
security.ssl.internal.keystore | Yes |
| Java keystore file. |
security.ssl.internal.keystore-password | Yes |
| Password used to decrypt the keystore file. |
security.ssl.internal.key-password | Yes |
| Password used to decrypt the server key in the keystore file. |
security.ssl.internal.truststore | Yes |
| truststore file containing the public CA certificates. |
security.ssl.internal.truststore-password | Yes |
| Password used to decrypt the truststore file. |
security.ssl.protocol | Yes | TLSv1.2 | SSL transmission protocol version |
security.ssl.algorithms | Yes | The default value is TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256. | Supported SSL standard algorithm. For details, see the Java official website. |
security.ssl.rest.enabled | Yes | The value is automatically configured according to the cluster installation mode.
| Main switch of external communication SSL. |
security.ssl.rest.keystore | Yes |
| Java keystore file. |
security.ssl.rest.keystore-password | Yes |
| Password used to decrypt the keystore file. |
security.ssl.rest.key-password | Yes |
| Password used to decrypt the server key in the keystore file. |
security.ssl.rest.truststore | Yes |
| truststore file containing the public CA certificates. |
security.ssl.rest.truststore-password | Yes |
| Password used to decrypt the truststore file. |
For configuration items for MRS 3.x or later, see Table 2.
Parameter | Description | Default Value | Mandatory |
---|---|---|---|
security.ssl.enabled | Main switch of internal communication SSL. | The value is automatically configured according to the cluster installation mode.
| Yes |
security.ssl.keystore | Java keystore file. |
| Yes |
security.ssl.keystore-password | Password used to decrypt the keystore file. |
| Yes |
security.ssl.key-password | Password used to decrypt the server key in the keystore file. |
| Yes |
security.ssl.truststore | truststore file containing the public CA certificates. |
| Yes |
security.ssl.truststore-password | Password used to decrypt the truststore file. |
| Yes |
security.ssl.protocol | SSL transmission protocol version. | TLSv1.2 | Yes |
security.ssl.algorithms | Supported SSL standard algorithm. For details, see the Java official website. | The default value: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" | Yes |