Yang, Tong
3f5759eed2
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
9.9 KiB
SSL
Scenarios
When the secure Flink cluster is required, SSL-related configuration items must be set.
Configuration Description
Configuration items include the SSL switch, certificate, password, and encryption algorithm.
Parameter |
Description |
Default Value |
Mandatory |
|---|---|---|---|
security.ssl.enabled |
Main switch of internal communication SSL. |
The value is automatically configured according to the cluster installation mode.
|
Yes |
security.ssl.keystore |
Java keystore file. |
- |
Yes |
security.ssl.keystore-password |
Password used to decrypt the keystore file. |
- |
Yes |
security.ssl.key-password |
Password used to decrypt the server key in the keystore file. |
- |
Yes |
security.ssl.truststore |
truststore file containing the public CA certificates. |
- |
Yes |
security.ssl.truststore-password |
Password used to decrypt the truststore file. |
- |
Yes |
security.ssl.protocol |
SSL transmission protocol version. |
TLSv1.2 |
Yes |
security.ssl.algorithms |
Supported SSL standard algorithm. For details, see the Java official website. |
The default value: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" |
Yes |