balassai commented on code in PR #28160:
URL: https://github.com/apache/flink/pull/28160#discussion_r3256770414
##########
flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/PekkoUtils.java:
##########
@@ -610,6 +628,38 @@ private static String booleanToOnOrOff(boolean flag) {
return flag ? "on" : "off";
}
+ /**
+ * Returns the highest TLS protocol from {@code configuredProtocols}
according to the JVM's own
+ * ordering of supported protocols.
+ *
+ * <p>The JVM's {@link SSLContext#getSupportedSSLParameters()} returns
protocols ordered from
+ * lowest to highest, so this method is automatically correct for any
future TLS version without
+ * requiring a manually maintained ranking list.
+ *
+ * @throws IllegalArgumentException if none of the configured protocols
are supported by the JVM
+ */
+ private static String highestSupportedProtocol(String[]
configuredProtocols) {
+ final String[] jvmOrdered;
+ try {
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(null, null, null);
+ jvmOrdered = ctx.getSupportedSSLParameters().getProtocols();
+ } catch (Exception e) {
+ throw new IllegalStateException("Failed to query supported TLS
protocols from JVM", e);
+ }
+ final Set<String> configured = new
HashSet<>(Arrays.asList(configuredProtocols));
+ // getSupportedSSLParameters().getProtocols() returns protocols from
highest to lowest,
Review Comment:
removed the comment.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
