[ https://issues.apache.org/jira/browse/FLINK-9878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16552552#comment-16552552 ]
ASF GitHub Bot commented on FLINK-9878: --------------------------------------- Github user pnowojski commented on a diff in the pull request: https://github.com/apache/flink/pull/6355#discussion_r204329262 --- Diff: flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java --- 
@@ -249,14 +357,73 @@ public static SSLContext createSSLServerContext(Configuration sslConfig) throws // Set up key manager factory to use the server key store KeyManagerFactory kmf = KeyManagerFactory.getInstance( - KeyManagerFactory.getDefaultAlgorithm()); + KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, certPassword.toCharArray()); + return new SSLServerConfiguration( + sslProtocolVersion, + sslCipherSuites, + kmf, + sessionCacheSize, + sessionTimeoutMs, + handshakeTimeoutMs, + closeNotifyFlushTimeoutMs); + } + + return null; + } + + /** + * Creates the SSL Context for the server assuming SSL is configured. + * + * @param sslConfig + * The application configuration + * @return The SSLContext object which can be used by the ssl transport server + * @throws Exception + * Thrown if there is any misconfiguration + */ + @Nullable + public static SSLContext createSSLServerContext(SSLServerConfiguration sslConfig) throws Exception { + Preconditions.checkNotNull(sslConfig); + + LOG.debug("Creating server SSL context from configuration"); + SSLContext serverSSLContext = SSLContext.getInstance(sslConfig.sslProtocolVersion); + serverSSLContext.init(sslConfig.keyManagerFactory.getKeyManagers(), null, null); + if (sslConfig.sessionCacheSize >= 0) { + serverSSLContext.getServerSessionContext().setSessionCacheSize(sslConfig.sessionCacheSize); + } + if (sslConfig.sessionTimeoutMs >= 0) { + serverSSLContext.getServerSessionContext().setSessionTimeout(sslConfig.sessionTimeoutMs / 1000); + } + + return serverSSLContext; + } + + /** + * Creates the SSL Context for the server if SSL is configured. 
+ * + * @param sslConfig + * The application configuration + * @return The SSLContext object which can be used by the ssl transport server + * Returns null if SSL is disabled + * @throws Exception + * Thrown if there is any misconfiguration + */ + @Nullable + public static SSLContext createSSLServerContext(Configuration sslConfig) throws Exception { + + Preconditions.checkNotNull(sslConfig); + SSLContext serverSSLContext = null; + + if (getSSLEnabled(sslConfig)) { --- End diff -- ditto: reverse if branch and `Optional` > IO worker threads BLOCKED on SSL Session Cache while CMS full gc > ---------------------------------------------------------------- > > Key: FLINK-9878 > URL: https://issues.apache.org/jira/browse/FLINK-9878 > Project: Flink > Issue Type: Bug > Components: Network > Affects Versions: 1.5.0, 1.5.1, 1.6.0 > Reporter: Nico Kruber > Assignee: Nico Kruber > Priority: Major > Labels: pull-request-available > Fix For: 1.5.2, 1.6.0 > > > According to https://github.com/netty/netty/issues/832, there is a JDK issue > during garbage collection when the SSL session cache is not limited. We > should allow the user to configure this and further (advanced) SSL parameters > for fine-tuning to fix this and similar issues. In particular, the following > parameters should be configurable: > - SSL session cache size > - SSL session timeout > - SSL handshake timeout > - SSL close notify flush timeout -- This message was sent by Atlassian JIRA (v7.6.3#76005)
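Review bot: In `createSSLServerContext(SSLServerConfiguration)`, the integer division `sslConfig.sessionTimeoutMs / 1000` turns any configured timeout from 1 to 999 ms into `setSessionTimeout(0)`, and `SSLSessionContext` documents zero as "no limit". Cached TLS sessions would then never expire, which is the opposite of the short lifetime the operator asked for. Clamp the value instead, e.g. `int timeoutSec = sslConfig.sessionTimeoutMs == 0 ? 0 : Math.max(1, sslConfig.sessionTimeoutMs / 1000);`, and pass `timeoutSec` to `setSessionTimeout`; this assumes the field is an `int`, since its declaration is not in this hunk. The same zero-means-unlimited rule applies to `setSessionCacheSize`, so the `>= 0` guard lets an explicit 0 select an unbounded cache, which is the condition this issue sets out to avoid. If that is intended, the option's documentation should state that 0 means unlimited and a negative value keeps the JDK default.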