Currently, the Flink processes encrypted connections via SSL:
- Data exchange TM - TM
- RPC JM - TM
- Blob Service JM - TM
However, the server side always accepts any client to build up the connection, meaning the connections are not strongly authenticated.
Activating SSL mutual authentication solves that - only processes that have the same certificate can connect.