You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/09/10 03:12:22 UTC
[jira] [Commented] (NIFI-2266) GetHTTP and PutHTTP use hard-coded
TLS protocol version
[ https://issues.apache.org/jira/browse/NIFI-2266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15479020#comment-15479020 ]
ASF GitHub Bot commented on NIFI-2266:
--------------------------------------
GitHub user alopresto opened a pull request:
https://github.com/apache/nifi/pull/999
NIFI-2266 Enabled TLSv1.1 and TLSv1.2 protocols for GetHTTP processor
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/alopresto/nifi NIFI-2266
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/999.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #999
----
commit e35495ef1f5fbd1fa3b69c959e88ebef3afda46f
Author: Andy LoPresto <al...@apache.org>
Date: 2016-09-10T02:00:49Z
NIFI-2266 Refactored GetHTTP processor to use SSLContext protocol vs. hard-coded TLSv1.
Added unit tests.
Added test resources.
commit afe79031b10aa71dacd1ef45225ca7a21ca19774
Author: Andy LoPresto <al...@apache.org>
Date: 2016-09-10T03:08:16Z
NIFI-2266 Converted test handler to return 200 on GET request.
Fixed test assertions for HTTP responses and queued flowfiles.
----
> GetHTTP and PutHTTP use hard-coded TLS protocol version
> -------------------------------------------------------
>
> Key: NIFI-2266
> URL: https://issues.apache.org/jira/browse/NIFI-2266
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 0.7.0, 0.6.1
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Labels: https, security, tls
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> As pointed out on the mailing list [1], the {{GetHTTP}} (and likely {{PutHTTP}}) processors use a hard-coded TLS protocol version. {{PostHTTP}} also did this and was fixed by [NIFI-1688].
> The same fix should apply here and unit tests already exist which can be applied to the other processors as well.
> For future notice, {{InvokeHTTP}} is a better processor for generic HTTP operations and has supported reading the TLS protocol version from the {{SSLContextService}} for some time.
> [1] https://lists.apache.org/thread.html/a48e2ebbc2231d685491ae6b856c760620efca5bff2c7249f915b24d@%3Cdev.nifi.apache.org%3E
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)