:original_name: mrs_01_1569.html

.. _mrs_01_1569:

SSL
===

Scenarios
---------

When a secure Flink cluster is required, SSL-related configuration items must be set.

Configuration Description
-------------------------

Configuration items include the SSL switch, certificate, password, and encryption algorithm.

For versions earlier than MRS 3.x, see :ref:`Table 1 <mrs_01_1569__table956544414184>`.

.. _mrs_01_1569__table956544414184:

.. list-table:: **Table 1** Parameters
   :header-rows: 1

   * - Parameter
     - Mandatory
     - Default Value
     - Description
   * - security.ssl.internal.enabled
     - Yes
     - The value is automatically configured according to the cluster installation mode.

       - Security mode: The default value is **true**.
       - Normal mode: The default value is **false**.
     - Main switch of internal communication SSL.
   * - security.ssl.internal.keystore
     - Yes
     - ``-``
     - Java keystore file.
   * - security.ssl.internal.keystore-password
     - Yes
     - ``-``
     - Password used to decrypt the keystore file.
   * - security.ssl.internal.key-password
     - Yes
     - ``-``
     - Password used to decrypt the server key in the keystore file.
   * - security.ssl.internal.truststore
     - Yes
     - ``-``
     - **truststore** file containing the public CA certificates.
   * - security.ssl.internal.truststore-password
     - Yes
     - ``-``
     - Password used to decrypt the truststore file.
   * - security.ssl.protocol
     - Yes
     - TLSv1.2
     - SSL transmission protocol version.
   * - security.ssl.algorithms
     - Yes
     - The default value is **TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256**.
     - Supported SSL standard algorithm. For details, see the Java official website.
   * - security.ssl.rest.enabled
     - Yes
     - The value is automatically configured according to the cluster installation mode.

       - Security mode: The default value is **true**.
       - Normal mode: The default value is **false**.
     - Main switch of external communication SSL.
   * - security.ssl.rest.keystore
     - Yes
     - ``-``
     - Java keystore file.
   * - security.ssl.rest.keystore-password
     - Yes
     - ``-``
     - Password used to decrypt the keystore file.
   * - security.ssl.rest.key-password
     - Yes
     - ``-``
     - Password used to decrypt the server key in the keystore file.
   * - security.ssl.rest.truststore
     - Yes
     - ``-``
     - **truststore** file containing the public CA certificates.
   * - security.ssl.rest.truststore-password
     - Yes
     - ``-``
     - Password used to decrypt the truststore file.

For configuration items for MRS 3.x or later, see :ref:`Table 2 <mrs_01_1569__t0257778dfe3544959abfc85715cc5672>`.

.. _mrs_01_1569__t0257778dfe3544959abfc85715cc5672:

.. list-table:: **Table 2** Parameters
   :header-rows: 1

   * - Parameter
     - Description
     - Default Value
     - Mandatory
   * - security.ssl.enabled
     - Main switch of internal communication SSL.
     - The value is automatically configured according to the cluster installation mode.

       - Security mode: The default value is **true**.
       - Non-security mode: The default value is **false**.
     - Yes
   * - security.ssl.keystore
     - Java keystore file.
     - ``-``
     - Yes
   * - security.ssl.keystore-password
     - Password used to decrypt the keystore file.
     - ``-``
     - Yes
   * - security.ssl.key-password
     - Password used to decrypt the server key in the keystore file.
     - ``-``
     - Yes
   * - security.ssl.truststore
     - **truststore** file containing the public CA certificates.
     - ``-``
     - Yes
   * - security.ssl.truststore-password
     - Password used to decrypt the truststore file.
     - ``-``
     - Yes
   * - security.ssl.protocol
     - SSL transmission protocol version.
     - TLSv1.2
     - Yes
   * - security.ssl.algorithms
     - Supported SSL standard algorithm. For details, see the Java official website.
     - The default value:

       "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
     - Yes
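
The following Python check is an added example, not part of the MRS documentation. It audits the parameters in Table 1 and Table 2: unset keystore or truststore keys for an enabled SSL switch, a protocol other than TLSv1.2 or newer, and cipher suites that use static key exchange or CBC mode, which the Table 1 default list contains and the Table 2 default list does not. The flat ``key: value`` file layout and all sample values are assumptions constructed for the example.

```python
import re

# Key names come from Table 1 and Table 2. The flat "key: value" layout and
# every value produced by sample() are constructed for this example.
SCOPES = ("security.ssl", "security.ssl.internal", "security.ssl.rest")
REQUIRED = ("keystore", "keystore-password", "key-password",
            "truststore", "truststore-password")
TABLE1_SUITES = ("TLS_RSA_WITH_AES_128_CBC_SHA256,"
                 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,"
                 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256")
TABLE2_SUITES = ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,"
                 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
                 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,"
                 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")

def sample(scope, suites, skip=()):
    """Build a constructed config for one SSL switch, omitting keys in skip."""
    lines = [f"{scope}.enabled: true", "security.ssl.protocol: TLSv1.2",
             f'security.ssl.algorithms: "{suites}"']
    lines += [f"{scope}.{k}: constructed-value" for k in REQUIRED if k not in skip]
    return "\n".join(lines)

def parse_conf(text):
    """Parse flat 'key: value' lines, skipping comments and blank lines."""
    pairs = (ln.split(":", 1) for ln in text.splitlines()
             if ":" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def audit(conf):
    """Return findings for the SSL parameters listed in the tables."""
    on = [s for s in SCOPES if conf.get(f"{s}.enabled", "").lower() == "true"]
    out = [f"{s}.{k}: not set" for s in on for k in REQUIRED
           if not conf.get(f"{s}.{k}")]
    if not on:
        out.append("no SSL switch is set to true")
    proto = conf.get("security.ssl.protocol", "")
    if proto not in ("TLSv1.2", "TLSv1.3"):
        out.append(f"security.ssl.protocol: {proto!r}, expected TLSv1.2 or newer")
    suites = conf.get("security.ssl.algorithms", "").split(",")
    for suite in filter(None, map(str.strip, suites)):
        # TLS 1.3 suite names have no _WITH_ part and always use ephemeral keys.
        if "_WITH_" in suite and not re.match(r"TLS_(EC)?DHE_", suite):
            out.append(f"{suite}: static key exchange, no forward secrecy")
        if "_CBC_" in suite:
            out.append(f"{suite}: CBC mode, prefer an AEAD (GCM) suite")
    return out

if __name__ == "__main__":
    old = sample("security.ssl.internal", TABLE1_SUITES, skip=("truststore-password",))
    print("\n".join(audit(parse_conf(old))))
```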