flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From NicoK <...@git.apache.org>
Subject [GitHub] flink pull request #6355: [FLINK-9878][network][ssl] add more low-level ssl ...
Date Wed, 18 Jul 2018 14:40:37 GMT
Github user NicoK commented on a diff in the pull request:

    https://github.com/apache/flink/pull/6355#discussion_r203405530
  
    --- Diff: flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java
---
    @@ -160,4 +160,41 @@
     		key("security.ssl.verify-hostname")
     			.defaultValue(true)
     			.withDescription("Flag to enable peer’s hostname verification during ssl handshake.");
    +
    +	/**
    +	 * SSL session cache size.
    +	 */
    +	public static final ConfigOption<Integer> SSL_SESSION_CACHE_SIZE =
    +		key("security.ssl.session-cache-size")
    +			.defaultValue(-1)
    +			.withDescription("The size of the cache used for storing SSL session objects. "
    +				+ "According to https://github.com/netty/netty/issues/832, you should always set
"
    +				+ "this to an appropriate number to not run into a bug with stalling IO threads "
    +				+ "during garbage collection. (-1 = use system default).");
    +
    +	/**
    +	 * SSL session timeout.
    +	 */
    +	public static final ConfigOption<Integer> SSL_SESSION_TIMEOUT =
    +		key("security.ssl.session-timeout")
    +			.defaultValue(-1)
    +			.withDescription("The timeout (in ms) for the cached SSL session objects. (-1 = use
system default)");
    +
    +	/**
    +	 * SSL session timeout during handshakes.
    +	 */
    +	public static final ConfigOption<Integer> SSL_HANDSHAKE_TIMEOUT =
    +		key("security.ssl.handshake-timeout")
    +			.defaultValue(-1)
    +			.withDescription("The timeout (in ms) during SSL handshake. (-1 = use system default)");
    +
    +	/**
    +	 * SSL session timeout after flushing the `close_notify` message.
    +	 */
    +	public static final ConfigOption<Integer> SSL_CLOSE_NOTIFY_FLUSH_TIMEOUT =
    +		key("security.ssl.close-notify-flush-timeout")
    +			.defaultValue(-1)
    +			.withDescription("The timeout (in ms) for flushing the `close_notify` that was triggered
by closing a " +
    --- End diff --
    
    could try - strangely though, this is working for e.g. `security.kerberos.login.contexts`
although the desired effect (marking it as code) is not there...but that's a different problem.


---

Mime
View raw message