Skip to content

[FLINK-39022][security] Set security.ssl.algorithms default value to modern cipher suite #27514

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
balassai wants to merge 7 commits into
base: master
Choose a base branch
from
Open

[FLINK-39022][security] Set security.ssl.algorithms default value to modern cipher suite #27514

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
c31c5d3
Set security.ssl.algorithms default value to modern cipher suite
balassai Feb 3, 2026
8bfaffc
compare defaultValue
balassai Feb 3, 2026
718818e
update doc and release note
balassai Feb 4, 2026
8623f7c
Fix code review comments.
balassai Feb 4, 2026
1699165
Update zh doc update obsolete cipher suite in test
balassai Feb 4, 2026
315c80c
Docand release-notes upate. Openssl TLSv1 test setup revert
balassai Feb 5, 2026
f781c47
Java 11 cipher suite link update
balassai Feb 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 6 additions & 10 deletions docs/content.zh/docs/deployment/security/security-ssl.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,20 +150,16 @@ security.ssl.rest.authentication-enabled: false

### Cipher suites

{{< hint warning >}}
The [IETF RFC 7525](https://tools.ietf.org/html/rfc7525) recommends to use a specific set of cipher suites for strong security.
Because these cipher suites were not available on many setups out of the box, Flink's default value is set to a slightly
weaker but more compatible cipher suite.
We recommend that SSL setups update to the stronger cipher suites, if possible, by adding the below entry to the Flink configuration:
For strong security, it is crucial to use modern and robust cipher suites. [IETF RFC 9325](https://www.rfc-editor.org/info/rfc9325), which supersedes the older RFC 7525, provides current recommendations for the secure use of TLS.

In response to evolving security standards and to ensure compatibility with modern Java versions, Flink has updated its default cipher suites. Recent JDK updates (affecting versions like 11.0.30+, 17.0.18+, etc.) have disabled older `TLS_RSA_*` cipher suites that lack forward secrecy.

```yaml
security.ssl.algorithms: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
```
To support these secure-by-default JDK versions and align with best practices, Flink's default value for `security.ssl.algorithms` is now:

If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.
Copy link
Contributor

@davidradl davidradl Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it safe to remove this line. Can we have a locked down setup with a reduced set of algorithms - that this warning could still be valid for?

Copy link
Contributor

@gaborgsomogyi gaborgsomogyi Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 on this, we should keep this mitigation for users.

Copy link
Contributor

@gaborgsomogyi gaborgsomogyi Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, the sentences later are touching cipher customization but not telling what are be the visible symptoms. I would say we should add the visible symptoms into the upcoming new paragpraph together.

Copy link
Contributor Author

@balassai balassai Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ack, adding back the visible warning line.

`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`

{{< /hint >}}
This default provides strong security and wide compatibility. You can customize the cipher suites using the `security.ssl.algorithms` configuration option if your environment has different requirements.
If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.

### Complete List of SSL Options

Expand Down
16 changes: 6 additions & 10 deletions docs/content/docs/deployment/security/security-ssl.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,20 +150,16 @@ security.ssl.rest.authentication-enabled: false

### Cipher suites

{{< hint warning >}}
The [IETF RFC 7525](https://tools.ietf.org/html/rfc7525) recommends to use a specific set of cipher suites for strong security.
Because these cipher suites were not available on many setups out of the box, Flink's default value is set to a slightly
weaker but more compatible cipher suite.
We recommend that SSL setups update to the stronger cipher suites, if possible, by adding the below entry to the Flink configuration:
For strong security, it is crucial to use modern and robust cipher suites. [IETF RFC 9325](https://www.rfc-editor.org/info/rfc9325), which supersedes the older RFC 7525, provides current recommendations for the secure use of TLS.

In response to evolving security standards and to ensure compatibility with modern Java versions, Flink has updated its default cipher suites. Recent JDK updates (affecting versions like 11.0.30+, 17.0.18+, etc.) have disabled older `TLS_RSA_*` cipher suites that lack forward secrecy.

```yaml
security.ssl.algorithms: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
```
To support these secure-by-default JDK versions and align with best practices, Flink's default value for `security.ssl.algorithms` is now:

If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.
`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`

{{< /hint >}}
This default provides strong security and wide compatibility. You can customize the cipher suites using the `security.ssl.algorithms` configuration option if your environment has different requirements.
If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.

### Complete List of SSL Options

Expand Down
45 changes: 45 additions & 0 deletions docs/content/release-notes/flink-2.3.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
---
title: "Release Notes - Flink 2.3"
---

<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->

# Release notes - Flink 2.3

These release notes discuss important aspects, such as configuration, behavior or dependencies,
that changed between Flink 2.2 and Flink 2.3. Please read these notes carefully if you are
planning to upgrade your Flink version to 2.3.


### Core

#### Set security.ssl.algorithms default value to modern cipher suite

### [FLINK-39022](https://issues.apache.org/jira/browse/FLINK-39022)

A JDK update (affecting JDK 11.0.30+, 17.0.18+, 21.0.10+, and 24+) disabled `TLS_RSA_*` cipher suites.
This was done to support forward-secrecy (RFC 9325) and comply with the IETF Draft on *Deprecating Obsolete Key Exchange Methods in TLS*.

To support these and future JDK versions, the default value for the Flink configuration option `security.ssl.algorithms` has been changed to a modern, widely available cipher suite:

`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`

This default provides strong security and wide compatibility. You can customize the cipher suites using the `security.ssl.algorithms` configuration option if your environment has different requirements.
If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.
4 changes: 2 additions & 2 deletions docs/layouts/shortcodes/generated/security_configuration.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,9 +88,9 @@
</tr>
<tr>
<td><h5>security.ssl.algorithms</h5></td>
<td style="word-wrap: break-word;">"TLS_RSA_WITH_AES_128_CBC_SHA"</td>
<td style="word-wrap: break-word;">"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"</td>
<td>String</td>
<td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites">here</a></td>
<td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names">here</a></td>
</tr>
<tr>
<td><h5>security.ssl.internal.cert.fingerprint</h5></td>
Expand Down
4 changes: 2 additions & 2 deletions docs/layouts/shortcodes/generated/security_ssl_section.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,9 @@
<tbody>
<tr>
<td><h5>security.ssl.algorithms</h5></td>
<td style="word-wrap: break-word;">"TLS_RSA_WITH_AES_128_CBC_SHA"</td>
<td style="word-wrap: break-word;">"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"</td>
<td>String</td>
<td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites">here</a></td>
<td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names">here</a></td>
</tr>
<tr>
<td><h5>security.ssl.internal.cert.fingerprint</h5></td>
Expand Down
7 changes: 4 additions & 3 deletions flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -498,19 +498,20 @@ public static Configuration forProvider(Configuration configuration, String prov
* The standard SSL algorithms to be supported.
*
* <p>More options here -
* http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
* https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names
*/
@Documentation.Section(Documentation.Sections.SECURITY_SSL)
public static final ConfigOption<String> SSL_ALGORITHMS =
key("security.ssl.algorithms")
.stringType()
.defaultValue("TLS_RSA_WITH_AES_128_CBC_SHA")
.defaultValue(
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
Copy link
Contributor

@davidradl davidradl Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should be put out a warning if we find an algorithm that we consider insecure; specifically checking for the older algs we used to use?

Copy link
Contributor

@gaborgsomogyi gaborgsomogyi Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We just want to make it more secure which will comply with the latest RFC. Not yet understand what insecure cipher you mean here🤔

Copy link
Contributor

@davidradl davidradl Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it make sense to you, that If a custom cipher is supplied that does not comply with the latest RFC, then we put out a warning to draw the users attention to something that looks insecure, because it does not comply with the latest RFC ?

Copy link
Contributor

@gaborgsomogyi gaborgsomogyi Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding such warnig is fair point but I don't understand how do you plan to do that phisically. The latest RFC suggests 4 suites. If the user add stronger/weaker than the suggested then how do you decide from Flink code whether we should give a warning or not? If you can highlight the logic then I would buy that.

.withDescription(
Description.builder()
.text(
"The comma separated list of standard SSL algorithms to be supported. Read more %s",
link(
"http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites",
"https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names",
"here"))
.build());

Expand Down
7 changes: 7 additions & 0 deletions flink-core/src/test/java/org/apache/flink/configuration/SecurityOptionsTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,4 +58,11 @@ void checkEnableRestSSLAuthentication() {
options.set(SecurityOptions.SSL_REST_AUTHENTICATION_ENABLED, true);
assertThat(SecurityOptions.isRestSSLAuthenticationEnabled(options)).isTrue();
}

@Test
void checkDefaultCipherSuite() {
assertThat(SecurityOptions.SSL_ALGORITHMS.defaultValue())
.isEqualTo(
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
}
}
5 changes: 0 additions & 5 deletions flink-runtime/src/test/java/org/apache/flink/runtime/net/SSLUtilsTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -523,11 +523,6 @@ public static String getRestCertificateFingerprint(
private static void addSslProviderConfig(Configuration config, String sslProvider) {
if (sslProvider.equalsIgnoreCase("OPENSSL")) {
OpenSsl.ensureAvailability();

// Flink's default algorithm set is not available for openSSL - choose a different one:
Copy link
Contributor

@gaborgsomogyi gaborgsomogyi Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same question here

Copy link
Contributor Author

@balassai balassai Feb 5, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TLSv1.2 is the default for security.ssl.protocol it and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is the new default value of security.ssl algorithm, therefore it is safe to remove here.
https://docs.openssl.org/1.0.2/man1/ciphers/#tls-v12-cipher-suites

config.set(
SecurityOptions.SSL_ALGORITHMS,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
}
config.set(SecurityOptions.SSL_PROVIDER, sslProvider);
}
Expand Down