Yang, Tong 3f5759eed2 MRS comp-lts 2.0.38.SP20 version
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2023-01-19 17:08:45 +00:00


<a name="mrs_01_1569"></a><a name="mrs_01_1569"></a>
<h1 class="topictitle1">SSL</h1>
<div id="body8662426"><div class="section" id="mrs_01_1569__en-us_topic_0000001173470694_s89aa4a6fa2bb4ddaa3c480a296b1c8ad"><h4 class="sectiontitle">Scenarios</h4><p id="mrs_01_1569__en-us_topic_0000001173470694_a669f5e4e39ae43cba0610f724f32f288">When a secure Flink cluster is required, the SSL-related configuration items must be set.</p>
</div>
<div class="section" id="mrs_01_1569__en-us_topic_0000001173470694_sb84427a3feb64f8593b30b0f78cae3ff"><h4 class="sectiontitle">Configuration Description</h4><p id="mrs_01_1569__en-us_topic_0000001173470694_a556e7f3f25064e64b02bacef39225c83">Configuration items include the SSL switch, certificate, password, and encryption algorithm.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1569__en-us_topic_0000001173470694_t0257778dfe3544959abfc85715cc5672" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters</caption><thead align="left"><tr id="mrs_01_1569__en-us_topic_0000001173470694_r064948680f6041b0ad611d1b6e7e3cde"><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.3.2.5.1.1"><p id="mrs_01_1569__en-us_topic_0000001173470694_a41dd1662e80c42d1a9830a390f6c54bd">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.3.2.5.1.2"><p id="mrs_01_1569__en-us_topic_0000001173470694_ae61bb71bf3034b10acfc120c98447ccf">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.3.2.5.1.3"><p id="mrs_01_1569__en-us_topic_0000001173470694_af3536ef3d9f24145b9a71fca4307682e">Default Value</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.3.2.5.1.4"><p id="mrs_01_1569__en-us_topic_0000001173470694_a2b8622d6e2fe42dc9cd3a819853a75db">Mandatory</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1569__en-us_topic_0000001173470694_r9526eb094f87480298596ab2c8653145"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1569__en-us_topic_0000001173470694_ad8fa71c05a9a4a65a1057ec2b4e6a9c8">security.ssl.enabled</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a33046b1bf82346e7b6df24f8c2320302">Main switch that enables SSL for internal communication.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1569__en-us_topic_0000001173470694_en-us_topic_0085562851_p850162371917"><span id="mrs_01_1569__en-us_topic_0000001173470694_p42a6f82907814ea0b4ab74e5a013cfaf">The value is automatically configured according to the cluster installation mode.</span></p>
<ul id="mrs_01_1569__en-us_topic_0000001173470694_en-us_topic_0085562851_ul73115215219"><li id="mrs_01_1569__en-us_topic_0000001173470694_en-us_topic_0085562851_li43152105210">Security mode: The default value is <strong id="mrs_01_1569__en-us_topic_0000001173470694_b1593725191101254">true</strong>.</li><li id="mrs_01_1569__en-us_topic_0000001173470694_en-us_topic_0085562851_li4335215524">Non-security mode: The default value is <strong id="mrs_01_1569__en-us_topic_0000001173470694_b1085457561101254">false</strong>.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a1bff3e601cfa419da694f29650f85202">Yes</p>
</td>
</tr>
<tr id="mrs_01_1569__en-us_topic_0000001173470694_rf944417e9c6c4ff1b45cc2c38a84db08"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1569__en-us_topic_0000001173470694_af0bed05a970f4b02aef9e0f497853108">security.ssl.keystore</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1569__en-us_topic_0000001173470694_ae4d96b1788304584bf813ca70520df01">Java keystore file.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a975bea0ce7b34ef4bd501a70c7bf910d">-</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1569__en-us_topic_0000001173470694_abefc2e32845a44969b4e169b06866428">Yes</p>
</td>
</tr>
<tr id="mrs_01_1569__en-us_topic_0000001173470694_ra532155d46444ced86e62e4975909664"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a6fdfc88ee2134a2abced3badeaa03781">security.ssl.keystore-password</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a94461ecb134f4b7cb48e328059001d74">Password used to decrypt the keystore file.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1569__en-us_topic_0000001173470694_aeadf9d7b7e7f4629904bc3125557ffc7">-</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a807dfe5281994fb9ad61d7bb6cb30dd1">Yes</p>
</td>
</tr>
<tr id="mrs_01_1569__en-us_topic_0000001173470694_rfe494f98f45345eebc885fc63d5a43a7"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a0b06dce9608b4245802d284503a76cd2">security.ssl.key-password</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a4c02bda84d9b44c1a9f12b0c39f6d446">Password used to decrypt the server key in the keystore file.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a301aa50e60234e1583e52e789a98f810">-</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a571a729a26a0492a9e9d0afde6b11a22">Yes</p>
</td>
</tr>
<tr id="mrs_01_1569__en-us_topic_0000001173470694_r0ef2d94fdbc843dc8cafefb32d79a26e"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a5c3e70ccda0846d1be10c4d331541f6d">security.ssl.truststore</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1569__en-us_topic_0000001173470694_aa081fd571dd1409396391d0f0d0463db"><strong id="mrs_01_1569__en-us_topic_0000001173470694_b1309534113611">truststore</strong> file containing the public CA certificates.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a5109ee50685741408a3734da98e2ce34">-</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1569__en-us_topic_0000001173470694_aa3720ada16ae461296ddb46e63662a31">Yes</p>
</td>
</tr>
<tr id="mrs_01_1569__en-us_topic_0000001173470694_ra09b0fc7398b4a37a485cc1d9f3e9c60"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a61770cd9dc634886a96870385adfdc68">security.ssl.truststore-password</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1569__en-us_topic_0000001173470694_af34f4eeb37964b3c8a35e9baba97e9bb">Password used to decrypt the truststore file.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a1c1bebde8a414918989bc5c598985d33">-</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1569__en-us_topic_0000001173470694_ab6331ae403934b0190852dac112ebbb9">Yes</p>
</td>
</tr>
<tr id="mrs_01_1569__en-us_topic_0000001173470694_r6d29ff1c6035435f95d22dc075396594"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1569__en-us_topic_0000001173470694_aac8517b2175540ecab77773b61ce0bfc">security.ssl.protocol</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a3bbfa5f937c04c2a8b32f032ea2f6eec">Version of the SSL/TLS protocol used for transmission.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a59285cad0f244d54931825eb73641d49">TLSv1.2</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1569__en-us_topic_0000001173470694_aafea2f123e3744e0943f8ffbf0acae8a">Yes</p>
</td>
</tr>
<tr id="mrs_01_1569__en-us_topic_0000001173470694_r0fea598b0a7a4de9b642cc69969c57e9"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a413b9a7b38e04a3cbca3275203bc0237">security.ssl.algorithms</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1569__en-us_topic_0000001173470694_addb9e57302f7456694744175a39e5a63">Supported standard SSL algorithms (cipher suites), specified as a comma-separated list. For details, see the official Java website.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1569__en-us_topic_0000001173470694_p55963168403">The default value:</p>
<p id="mrs_01_1569__en-us_topic_0000001173470694_p8482419184020">"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1569__en-us_topic_0000001173470694_a8d114a6572ac454fa89bb38b7850c21a">Yes</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0592.html">Flink Configuration Management</a></div>
</div>
</div>