GitHub user NicoK opened a pull request:
https://github.com/apache/flink/pull/6355
[FLINK-9878][network][ssl] add more low-level ssl options
## What is the purpose of the change
This is mostly to tackle bugs like https://github.com/netty/netty/issues/832
(JDK issue during garbage collection when the SSL session cache is not
limited).
We add the following low-level configuration options for the user to
fine-tune their system:
- SSL session cache size
- SSL session timeout
- SSL handshake timeout
- SSL close notify flush timeout
This is the PR for the `release-1.5` branch only - I'll create a separate
one for `master` due to the changes of #6326.
## Brief change log
- add `security.ssl.session-cache-size` and `security.ssl.session-timeout` configuration parameters
  -> configure these for `SSLContext`s created by `SSLUtil`
- add `security.ssl.handshake-timeout` and `security.ssl.close-notify-flush-timeout`
  -> configure these in the TM-communication channels via `NettyClient` and `NettyServer`
- refactor `SSLUtils` so that we extract these configurations separately
## Verifying this change
This change added tests and can be verified as follows:
- added configuration-verification test to `NettyClientServerSslTest`
## Does this pull request potentially affect one of the following parts:
- Dependencies (does it add or upgrade a dependency): **no**
- The public API, i.e., is any changed class annotated with
`@Public(Evolving)`: **no**
- The serializers: **no**
- The runtime per-record code paths (performance sensitive): **no**
- Anything that affects deployment or recovery: JobManager (and its
components), Checkpointing, Yarn/Mesos, ZooKeeper: **no**
- The S3 file system connector: **no**
## Documentation
- Does this pull request introduce a new feature? **yes** (kind-of)
- If yes, how is the feature documented? **docs + JavaDocs**
You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/NicoK/flink flink-9878

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/flink/pull/6355.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #6355
----
commit 9a19f64130837cba40c8f9b708aa98c002ae1a63
Author: Nico Kruber <nico@...>
Date: 2018-07-17T21:40:11Z
[FLINK-9878][network][ssl] add more low-level ssl options
This is mostly to tackle bugs like https://github.com/netty/netty/issues/832
(JDK issue during garbage collection when the SSL session cache is not
limited).
We add the following low-level configuration options for the user to
fine-tune their system:
- SSL session cache size
- SSL session timeout
- SSL handshake timeout
- SSL close notify flush timeout
----
---
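
How the four options listed in the change log correspond to JDK and Netty calls, as an added example that is not code from the pull request or from Flink. Class and method names and the sample values are hypothetical, and it assumes Netty 4.1 on the classpath (for `setCloseNotifyFlushTimeoutMillis`).

```java
import io.netty.handler.ssl.SslHandler;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;

/** Added illustration; class, method and parameter names are hypothetical, not Flink's. */
public final class SslTuningExample {

    /** Bounds the JDK session cache on both sides of an already initialised context. */
    static void limitSessionCache(SSLContext ctx, int cacheSize, int timeoutSeconds) {
        for (SSLSessionContext sessions : new SSLSessionContext[] {
                ctx.getClientSessionContext(), ctx.getServerSessionContext()}) {
            if (sessions == null) {
                continue; // a provider may not expose a session context
            }
            sessions.setSessionCacheSize(cacheSize);    // 0 means no limit
            sessions.setSessionTimeout(timeoutSeconds); // JDK unit is seconds; 0 means no limit
        }
    }

    /** Builds a Netty handler with explicit handshake and close_notify flush timeouts. */
    static SslHandler newHandler(SSLContext ctx, boolean client,
                                 long handshakeTimeoutMs, long closeNotifyFlushTimeoutMs) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(client);
        SslHandler handler = new SslHandler(engine);
        handler.setHandshakeTimeoutMillis(handshakeTimeoutMs);
        handler.setCloseNotifyFlushTimeoutMillis(closeNotifyFlushTimeoutMs);
        return handler;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key/trust managers, enough for the demo

        limitSessionCache(ctx, 1000, 3600); // constructed sample values
        SslHandler handler = newHandler(ctx, true, 10_000L, 3_000L);

        System.out.println("server cache size = "
                + ctx.getServerSessionContext().getSessionCacheSize());
        System.out.println("handshake timeout ms = " + handler.getHandshakeTimeoutMillis());
    }
}
```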