Expert Security Ssl Section

docs/layouts/shortcodes/generated/expert_security_ssl_section.html

| Key | Default | Type | Description |
| --- | --- | --- | --- |
| security.ssl.internal.close-notify-flush-timeout | -1 | Integer | The timeout (in ms) for flushing the close_notify that was triggered by closing a channel. If the close_notify was not flushed in the given timeout the channel will be closed forcibly. (-1 = use system default) |
| security.ssl.internal.handshake-timeout | -1 | Integer | The timeout (in ms) during SSL handshake. (-1 = use system default) |
| security.ssl.internal.session-cache-size | -1 | Integer | The size of the cache used for storing SSL session objects. According to here, you should always set this to an appropriate number to not run into a bug with stalling IO threads during garbage collection. (-1 = use system default). |
| security.ssl.internal.session-timeout | -1 | Integer | The timeout (in ms) for the cached SSL session objects. (-1 = use system default) |
| security.ssl.provider | "JDK" | String | The SSL engine provider to use for the ssl transport:<br>• JDK: default Java-based SSL engine<br>• OPENSSL: openSSL-based SSL engine using system libraries<br><br>OPENSSL is based on netty-tcnative and comes in two flavours:<br>• dynamically linked: This will use your system's openSSL libraries (if compatible) and requires `opt/flink-shaded-netty-tcnative-dynamic-*.jar` to be copied to `lib/`<br>• statically linked: Due to potential licensing issues with openSSL (see LEGAL-393), we cannot ship pre-built libraries. However, you can build the required library yourself and put it into `lib/`:<br>`git clone https://github.com/apache/flink-shaded.git && cd flink-shaded && mvn clean package -Pinclude-netty-tcnative-static -pl flink-shaded-netty-tcnative-static` |