flink-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From se...@apache.org
Subject [6/8] flink git commit: [hotfix] [security] Reduce logging verbosity for SSLUtils
Date Tue, 02 May 2017 21:47:28 GMT
[hotfix] [security] Reduce logging verbosity for SSLUtils


Project: http://git-wip-us.apache.org/repos/asf/flink/repo
Commit: http://git-wip-us.apache.org/repos/asf/flink/commit/6f93352b
Tree: http://git-wip-us.apache.org/repos/asf/flink/tree/6f93352b
Diff: http://git-wip-us.apache.org/repos/asf/flink/diff/6f93352b

Branch: refs/heads/master
Commit: 6f93352b78ee019388b8e8a4684730d61549f786
Parents: bad7e0b
Author: Stephan Ewen <sewen@apache.org>
Authored: Sat Apr 29 17:40:30 2017 +0200
Committer: Stephan Ewen <sewen@apache.org>
Committed: Tue May 2 22:49:46 2017 +0200

----------------------------------------------------------------------
 .../org/apache/flink/runtime/net/SSLUtils.java  | 26 +++++++++++++-------
 1 file changed, 17 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/flink/blob/6f93352b/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java
----------------------------------------------------------------------
diff --git a/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java b/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java
index 5bafeb8..2267eac 100644
--- a/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java
+++ b/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java
@@ -18,10 +18,10 @@
 
 package org.apache.flink.runtime.net;
 
-
 import org.apache.flink.configuration.ConfigConstants;
 import org.apache.flink.configuration.Configuration;
 import org.apache.flink.util.Preconditions;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -35,6 +35,7 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.net.ServerSocket;
 import java.security.KeyStore;
+import java.util.Arrays;
 
 /**
  * Common utilities to manage SSL transport settings
@@ -66,14 +67,21 @@ public class SSLUtils {
 	 */
 	public static void setSSLVerAndCipherSuites(ServerSocket socket, Configuration config) {
 		if (socket instanceof SSLServerSocket) {
-			((SSLServerSocket) socket).setEnabledProtocols(config.getString(
-				ConfigConstants.SECURITY_SSL_PROTOCOL,
-				ConfigConstants.DEFAULT_SECURITY_SSL_PROTOCOL).split(","));
-			((SSLServerSocket) socket).setEnabledCipherSuites(config.getString(
-				ConfigConstants.SECURITY_SSL_ALGORITHMS,
-				ConfigConstants.DEFAULT_SECURITY_SSL_ALGORITHMS).split(","));
-		} else {
-			LOG.warn("Not a SSL socket, will skip setting tls version and cipher suites.");
+			final String[] protocols = config.getString(
+					ConfigConstants.SECURITY_SSL_PROTOCOL,
+					ConfigConstants.DEFAULT_SECURITY_SSL_PROTOCOL).split(",");
+
+			final String[] cipherSuites = config.getString(
+					ConfigConstants.SECURITY_SSL_ALGORITHMS,
+					ConfigConstants.DEFAULT_SECURITY_SSL_ALGORITHMS).split(",");
+
+			if (LOG.isDebugEnabled()) {
+				LOG.debug("Configuring TLS version and cipher suites on SSL socket {} / {}",
+						Arrays.toString(protocols), Arrays.toString(cipherSuites));
+			}
+
+			((SSLServerSocket) socket).setEnabledProtocols(protocols);
+			((SSLServerSocket) socket).setEnabledCipherSuites(cipherSuites);
 		}
 	}
 


Mime
View raw message