apache · balassai · Feb 27, 2026
diff --git a/docs/content.zh/docs/deployment/security/security-ssl.md b/docs/content.zh/docs/deployment/security/security-ssl.md
@@ -150,20 +150,16 @@ security.ssl.rest.authentication-enabled: false
 
 ### Cipher suites
 
-{{< hint warning >}}
-The [IETF RFC 7525](https://tools.ietf.org/html/rfc7525) recommends to use a specific set of cipher suites for strong security.
-Because these cipher suites were not available on many setups out of the box, Flink's default value is set to a slightly
-weaker but more compatible cipher suite.
-We recommend that SSL setups update to the stronger cipher suites, if possible, by adding the below entry to the Flink configuration:
+For strong security, it is crucial to use modern and robust cipher suites. [IETF RFC 9325](https://www.rfc-editor.org/info/rfc9325), which supersedes the older RFC 7525, provides current recommendations for the secure use of TLS.
 
+In response to evolving security standards and to ensure compatibility with modern Java versions, Flink has updated its default cipher suites. Recent JDK updates (affecting versions like 11.0.30+, 17.0.18+, etc.) have disabled older `TLS_RSA_*` cipher suites that lack forward secrecy.
 
-```yaml
-security.ssl.algorithms: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-```
+To support these secure-by-default JDK versions and align with best practices, Flink's default value for `security.ssl.algorithms` is now:
 
-If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.
+`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
 
-{{< /hint >}}
+This default provides strong security and wide compatibility. You can customize the cipher suites using the `security.ssl.algorithms` configuration option if your environment has different requirements.
+If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.
 
 ### Complete List of SSL Options
 

diff --git a/docs/content/docs/deployment/security/security-ssl.md b/docs/content/docs/deployment/security/security-ssl.md
@@ -150,20 +150,16 @@ security.ssl.rest.authentication-enabled: false
 
 ### Cipher suites
 
-{{< hint warning >}}
-The [IETF RFC 7525](https://tools.ietf.org/html/rfc7525) recommends to use a specific set of cipher suites for strong security.
-Because these cipher suites were not available on many setups out of the box, Flink's default value is set to a slightly
-weaker but more compatible cipher suite.
-We recommend that SSL setups update to the stronger cipher suites, if possible, by adding the below entry to the Flink configuration:
+For strong security, it is crucial to use modern and robust cipher suites. [IETF RFC 9325](https://www.rfc-editor.org/info/rfc9325), which supersedes the older RFC 7525, provides current recommendations for the secure use of TLS.
 
+In response to evolving security standards and to ensure compatibility with modern Java versions, Flink has updated its default cipher suites. Recent JDK updates (affecting versions like 11.0.30+, 17.0.18+, etc.) have disabled older `TLS_RSA_*` cipher suites that lack forward secrecy.
 
-```yaml
-security.ssl.algorithms: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-```
+To support these secure-by-default JDK versions and align with best practices, Flink's default value for `security.ssl.algorithms` is now:
 
-If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.
+`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
 
-{{< /hint >}}
+This default provides strong security and wide compatibility. You can customize the cipher suites using the `security.ssl.algorithms` configuration option if your environment has different requirements.
+If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.
 
 ### Complete List of SSL Options
 

diff --git a/docs/content/release-notes/flink-2.0.md b/docs/content/release-notes/flink-2.0.md
@@ -1663,3 +1663,18 @@ To avoid exposing internal interfaces, User-Defined Functions no longer have ful
       statement.
 - flink-client:
     - `run-application` action is removed: Please use `run -t kubernetes-application` to run Kubernetes Application mode.
+
+
+#### Set security.ssl.algorithms default value to modern cipher suite
+
+### [FLINK-39022](https://issues.apache.org/jira/browse/FLINK-39022)
+
+A JDK update (affecting JDK 11.0.30+, 17.0.18+, 21.0.10+, and 24+) disabled `TLS_RSA_*` cipher suites.
+This was done to support forward-secrecy (RFC 9325) and comply with the IETF Draft on *Deprecating Obsolete Key Exchange Methods in TLS*.
+
+To support these and future JDK versions, the default value for the Flink configuration option `security.ssl.algorithms` has been changed to a modern, widely available cipher suite:
+
+`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
+
+This default provides strong security and wide compatibility. You can customize the cipher suites using the `security.ssl.algorithms` configuration option if your environment has different requirements.
+If these cipher suites are not supported on your setup, you will see that Flink processes will not be able to connect to each other.
diff --git a/docs/layouts/shortcodes/generated/security_configuration.html b/docs/layouts/shortcodes/generated/security_configuration.html
@@ -88,9 +88,9 @@
         </tr>
         <tr>
             <td><h5>security.ssl.algorithms</h5></td>
-            <td style="word-wrap: break-word;">"TLS_RSA_WITH_AES_128_CBC_SHA"</td>
+            <td style="word-wrap: break-word;">"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"</td>
             <td>String</td>
-            <td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites">here</a></td>
+            <td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names">here</a></td>
         </tr>
         <tr>
             <td><h5>security.ssl.internal.cert.fingerprint</h5></td>

diff --git a/docs/layouts/shortcodes/generated/security_ssl_section.html b/docs/layouts/shortcodes/generated/security_ssl_section.html
@@ -10,9 +10,9 @@
     <tbody>
         <tr>
             <td><h5>security.ssl.algorithms</h5></td>
-            <td style="word-wrap: break-word;">"TLS_RSA_WITH_AES_128_CBC_SHA"</td>
+            <td style="word-wrap: break-word;">"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"</td>
             <td>String</td>
-            <td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites">here</a></td>
+            <td>The comma separated list of standard SSL algorithms to be supported. Read more <a href="https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names">here</a></td>
         </tr>
         <tr>
             <td><h5>security.ssl.internal.cert.fingerprint</h5></td>

diff --git a/flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java b/flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java
@@ -498,19 +498,20 @@ public static Configuration forProvider(Configuration configuration, String prov
      * The standard SSL algorithms to be supported.
      *
      * <p>More options here -
-     * http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
+     * https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names
      */
     @Documentation.Section(Documentation.Sections.SECURITY_SSL)
     public static final ConfigOption<String> SSL_ALGORITHMS =
             key("security.ssl.algorithms")
                     .stringType()
-                    .defaultValue("TLS_RSA_WITH_AES_128_CBC_SHA")
+                    .defaultValue(
+                            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
                     .withDescription(
                             Description.builder()
                                     .text(
                                             "The comma separated list of standard SSL algorithms to be supported. Read more %s",
                                             link(
-                                                    "http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites",
+                                                    "https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names",
                                                     "here"))
                                     .build());
 

diff --git a/flink-core/src/test/java/org/apache/flink/configuration/SecurityOptionsTest.java b/flink-core/src/test/java/org/apache/flink/configuration/SecurityOptionsTest.java
@@ -58,4 +58,11 @@ void checkEnableRestSSLAuthentication() {
         options.set(SecurityOptions.SSL_REST_AUTHENTICATION_ENABLED, true);
         assertThat(SecurityOptions.isRestSSLAuthenticationEnabled(options)).isTrue();
     }
+
+    @Test
+    void checkDefaultCipherSuite() {
+        assertThat(SecurityOptions.SSL_ALGORITHMS.defaultValue())
+                .isEqualTo(
+                        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
+    }
 }
diff --git a/flink-runtime/src/test/java/org/apache/flink/runtime/net/SSLUtilsTest.java b/flink-runtime/src/test/java/org/apache/flink/runtime/net/SSLUtilsTest.java
@@ -523,11 +523,6 @@ public static String getRestCertificateFingerprint(
     private static void addSslProviderConfig(Configuration config, String sslProvider) {
         if (sslProvider.equalsIgnoreCase("OPENSSL")) {
             OpenSsl.ensureAvailability();
-
-            // Flink's default algorithm set is not available for openSSL - choose a different one:
-            config.set(
-                    SecurityOptions.SSL_ALGORITHMS,
-                    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
         }
         config.set(SecurityOptions.SSL_PROVIDER, sslProvider);
     }