[FLINK-39022][security] Set security.ssl.algorithms default value to modern cipher suite

docs/content.zh/docs/deployment/security/security-ssl.md

@@ -150,20 +150,16 @@ security.ssl.rest.authentication-enabled: false
 
 ### Cipher suites
 
-{{< hint warning >}}
-The [IETF RFC 7525](https://tools.ietf.org/html/rfc7525) recommends to use a specific set of cipher suites for strong security.
-Because these cipher suites were not available on many setups out of the box, Flink's default value is set to a slightly
-weaker but more compatible cipher suite.
-We recommend that SSL setups update to the stronger cipher suites, if possible, by adding the below entry to the Flink configuration:
+For strong security, it is crucial to use modern and robust cipher suites. [IETF RFC 9325](https://www.rfc-editor.org/info/rfc9325), which supersedes the older RFC 7525, provides current recommendations for the secure use of TLS.
 
+In response to evolving security standards and to ensure compatibility with modern Java versions, Flink has updated its default cipher suites. Recent JDK updates (affecting versions like 11.0.30+, 17.0.18+, etc.) have disabled older `TLS_RSA_*` cipher suites that lack forward secrecy.
 
-```yaml
-security.ssl.algorithms: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-```
+To support these secure-by-default JDK versions and align with best practices, Flink's default value for `security.ssl.algorithms` is now:
 
-If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.
+`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
 
-{{< /hint >}}
+This default provides strong security and wide compatibility. You can customize the cipher suites using the `security.ssl.algorithms` configuration option if your environment has different requirements.
+If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.
 
 ### Complete List of SSL Options
 

docs/content/docs/deployment/security/security-ssl.md

@@ -150,20 +150,16 @@ security.ssl.rest.authentication-enabled: false
 
 ### Cipher suites
 
-{{< hint warning >}}
-The [IETF RFC 7525](https://tools.ietf.org/html/rfc7525) recommends to use a specific set of cipher suites for strong security.
-Because these cipher suites were not available on many setups out of the box, Flink's default value is set to a slightly
-weaker but more compatible cipher suite.
-We recommend that SSL setups update to the stronger cipher suites, if possible, by adding the below entry to the Flink configuration:
+For strong security, it is crucial to use modern and robust cipher suites. [IETF RFC 9325](https://www.rfc-editor.org/info/rfc9325), which supersedes the older RFC 7525, provides current recommendations for the secure use of TLS.
 
+In response to evolving security standards and to ensure compatibility with modern Java versions, Flink has updated its default cipher suites. Recent JDK updates (affecting versions like 11.0.30+, 17.0.18+, etc.) have disabled older `TLS_RSA_*` cipher suites that lack forward secrecy.
 
-```yaml
-security.ssl.algorithms: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-```
+To support these secure-by-default JDK versions and align with best practices, Flink's default value for `security.ssl.algorithms` is now:
 
-If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.
+`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
 
-{{< /hint >}}
+This default provides strong security and wide compatibility. You can customize the cipher suites using the `security.ssl.algorithms` configuration option if your environment has different requirements.
+If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.
 
 ### Complete List of SSL Options
 

docs/layouts/shortcodes/generated/security_configuration.html

@@ -88,9 +88,9 @@
         </tr>
         <tr>
             <td><h5>security.ssl.algorithms</h5></td>
-            <td style="word-wrap: break-word;">"TLS_RSA_WITH_AES_128_CBC_SHA"</td>
+            <td style="word-wrap: break-word;">"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"</td>
             <td>String</td>
-            <td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites">here</a></td>
+            <td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names">here</a></td>
         </tr>
         <tr>
             <td><h5>security.ssl.internal.cert.fingerprint</h5></td>

docs/layouts/shortcodes/generated/security_ssl_section.html

@@ -10,9 +10,9 @@
     <tbody>
         <tr>
             <td><h5>security.ssl.algorithms</h5></td>
-            <td style="word-wrap: break-word;">"TLS_RSA_WITH_AES_128_CBC_SHA"</td>
+            <td style="word-wrap: break-word;">"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"</td>
             <td>String</td>
-            <td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites">here</a></td>
+            <td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names">here</a></td>
         </tr>
         <tr>
             <td><h5>security.ssl.internal.cert.fingerprint</h5></td>

flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java

@@ -551,19 +551,20 @@ public static Configuration forProvider(Configuration configuration, String prov
      * The standard SSL algorithms to be supported.
      *
      * <p>More options here -
-     * http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
+     * https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names
      */
     @Documentation.Section(Documentation.Sections.SECURITY_SSL)
     public static final ConfigOption<String> SSL_ALGORITHMS =
             key("security.ssl.algorithms")
                     .stringType()
-                    .defaultValue("TLS_RSA_WITH_AES_128_CBC_SHA")
+                    .defaultValue(
+                            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
                     .withDescription(
                             Description.builder()
                                     .text(
                                             "The comma separated list of standard SSL algorithms to be supported. Read more %s",
                                             link(
-                                                    "http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites",
+                                                    "https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names",
                                                     "here"))
                                     .build());
 

flink-core/src/test/java/org/apache/flink/configuration/SecurityOptionsTest.java

@@ -72,4 +72,11 @@ void checkEnableRestSSLAuthentication() {
         options.set(SecurityOptions.SSL_REST_AUTHENTICATION_ENABLED, true);
         assertThat(SecurityOptions.isRestSSLAuthenticationEnabled(options)).isTrue();
     }
+
+    @Test
+    void checkDefaultCipherSuite() {
+        assertThat(SecurityOptions.SSL_ALGORITHMS.defaultValue())
+                .isEqualTo(
+                        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
+    }
 }

flink-end-to-end-tests/test-scripts/common_ssl.sh

@@ -95,6 +95,7 @@ function _set_conf_ssl_helper {
     fi
 
     # adapt config
+    set_config_key security.ssl.algorithms "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
     set_config_key security.ssl.provider ${provider}
     set_config_key security.ssl.${type}.enabled true
     set_config_key security.ssl.${type}.keystore ${ssl_dir}/node.keystore

flink-runtime/src/test/java/org/apache/flink/runtime/blob/BlobClientSslTest.java

@@ -52,6 +52,9 @@ static void startSSLServer() throws IOException {
         Configuration config =
                 SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores(
                         SecurityOptions.SSL_PROVIDER.defaultValue());
+        config.set(
+                SecurityOptions.SSL_ALGORITHMS,
+                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
 
         blobSslServer = TestingBlobUtils.createServer(tempDir.resolve("ssl"), config);
         blobSslServer.start();

flink-runtime/src/test/java/org/apache/flink/runtime/io/network/netty/NettyClientServerSslTest.java

@@ -45,6 +45,7 @@
 import java.time.Duration;
 import java.util.List;
 
+import static org.apache.flink.configuration.SecurityOptions.SSL_ALGORITHMS;
 import static org.apache.flink.configuration.SecurityOptions.SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT;
 import static org.apache.flink.configuration.SecurityOptions.SSL_INTERNAL_HANDSHAKE_TIMEOUT;
 import static org.apache.flink.configuration.SecurityOptions.SSL_INTERNAL_SESSION_CACHE_SIZE;
@@ -74,6 +75,9 @@ void testValidSslConnection() throws Exception {
     void testValidSslConnectionAdvanced() throws Exception {
         Configuration sslConfig = createSslConfig();
         sslConfig.set(SSL_INTERNAL_SESSION_CACHE_SIZE, 1);
+        sslConfig.set(
+                SSL_ALGORITHMS,
+                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
 
         // using different timeouts for each of the configuration parameters ensures that the right
         // config value is used in the right place
@@ -267,6 +271,9 @@ void testSslPinningForValidFingerprint() throws Exception {
 
         Configuration config = createSslConfig();
 
+        config.set(
+                SSL_ALGORITHMS,
+                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
         // pin the certificate based on internal cert
         config.set(
                 SecurityOptions.SSL_INTERNAL_CERT_FINGERPRINT,

flink-runtime/src/test/java/org/apache/flink/runtime/net/SSLUtilsTest.java

@@ -367,7 +367,7 @@ void testSetSSLVersionAndCipherSuitesForSSLServerSocket(String sslProvider) thro
         serverConfig.set(SecurityOptions.SSL_PROTOCOL, "TLSv1.1");
         serverConfig.set(
                 SecurityOptions.SSL_ALGORITHMS,
-                "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256");
+                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
 
         try (ServerSocket socket =
                 SSLUtils.createSSLServerSocketFactory(serverConfig).createServerSocket(0)) {
@@ -381,7 +381,9 @@ void testSetSSLVersionAndCipherSuitesForSSLServerSocket(String sslProvider) thro
             assertThat(protocols[0]).isEqualTo("TLSv1.1");
             assertThat(algorithms).hasSize(2);
             assertThat(algorithms)
-                    .contains("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256");
+                    .contains(
+                            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+                            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
         }
     }
 
@@ -483,6 +485,9 @@ private Configuration createInternalSslConfigWithTrustStore(String sslProvider)
     public static Configuration createInternalSslConfigWithKeyAndTrustStores(String sslProvider) {
         final Configuration config = new Configuration();
         config.set(SecurityOptions.SSL_INTERNAL_ENABLED, true);
+        config.set(
+                SecurityOptions.SSL_ALGORITHMS,
+                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
         addSslProviderConfig(config, sslProvider);
         addInternalKeyStoreConfig(config);
         addInternalTrustStoreConfig(config);
@@ -518,11 +523,6 @@ public static String getRestCertificateFingerprint(
     private static void addSslProviderConfig(Configuration config, String sslProvider) {
         if (sslProvider.equalsIgnoreCase("OPENSSL")) {
             OpenSsl.ensureAvailability();
-
-            // Flink's default algorithm set is not available for openSSL - choose a different one:
-            config.set(
-                    SecurityOptions.SSL_ALGORITHMS,
-                    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
         }
         config.set(SecurityOptions.SSL_PROVIDER, sslProvider);
     }

flink-runtime/src/test/java/org/apache/flink/runtime/rest/RestServerSSLAuthITCase.java

@@ -143,7 +143,7 @@ private static Tuple2<Configuration, Configuration> getClientServerConfiguration
         baseConfig.set(RestOptions.ADDRESS, "localhost");
         baseConfig.set(SecurityOptions.SSL_REST_ENABLED, true);
         baseConfig.set(SecurityOptions.SSL_REST_AUTHENTICATION_ENABLED, true);
-        baseConfig.set(SecurityOptions.SSL_ALGORITHMS, "TLS_RSA_WITH_AES_128_CBC_SHA");
+        baseConfig.set(SecurityOptions.SSL_ALGORITHMS, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
 
         Configuration serverConfig = new Configuration(baseConfig);
         serverConfig.set(SecurityOptions.SSL_REST_TRUSTSTORE, TRUST_STORE_FILE);

flink-runtime/src/test/java/org/apache/flink/runtime/rpc/RpcSSLAuthITCase.java

@@ -63,7 +63,7 @@ void testConnectFailure() throws Exception {
         sslConfig1.set(SecurityOptions.SSL_INTERNAL_KEYSTORE_PASSWORD, "password");
         sslConfig1.set(SecurityOptions.SSL_INTERNAL_KEY_PASSWORD, "password");
         sslConfig1.set(SecurityOptions.SSL_INTERNAL_TRUSTSTORE_PASSWORD, "password");
-        sslConfig1.set(SecurityOptions.SSL_ALGORITHMS, "TLS_RSA_WITH_AES_128_CBC_SHA");
+        sslConfig1.set(SecurityOptions.SSL_ALGORITHMS, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
 
         // !!! This config has KEY_STORE_FILE / UNTRUSTED_KEY_STORE_FILE !!!
         // If this is presented by a client, it will trust the server, but the server will
@@ -75,7 +75,7 @@ void testConnectFailure() throws Exception {
         sslConfig2.set(SecurityOptions.SSL_INTERNAL_KEYSTORE_PASSWORD, "password");
         sslConfig2.set(SecurityOptions.SSL_INTERNAL_KEY_PASSWORD, "password");
         sslConfig2.set(SecurityOptions.SSL_INTERNAL_TRUSTSTORE_PASSWORD, "password");
-        sslConfig2.set(SecurityOptions.SSL_ALGORITHMS, "TLS_RSA_WITH_AES_128_CBC_SHA");
+        sslConfig2.set(SecurityOptions.SSL_ALGORITHMS, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
 
         RpcService rpcService1 = null;
         RpcService rpcService2 = null;