You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/09/10 03:12:22 UTC

[jira] [Commented] (NIFI-2266) GetHTTP and PutHTTP use hard-coded TLS protocol version

    [ https://issues.apache.org/jira/browse/NIFI-2266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15479020#comment-15479020 ] 

ASF GitHub Bot commented on NIFI-2266:
--------------------------------------

GitHub user alopresto opened a pull request:

    https://github.com/apache/nifi/pull/999

    NIFI-2266 Enabled TLSv1.1 and TLSv1.2 protocols for GetHTTP processor

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/alopresto/nifi NIFI-2266

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/999.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #999
    
----
commit e35495ef1f5fbd1fa3b69c959e88ebef3afda46f
Author: Andy LoPresto <al...@apache.org>
Date:   2016-09-10T02:00:49Z

    NIFI-2266 Refactored GetHTTP processor to use SSLContext protocol vs. hard-coded TLSv1.
    Added unit tests.
    Added test resources.

commit afe79031b10aa71dacd1ef45225ca7a21ca19774
Author: Andy LoPresto <al...@apache.org>
Date:   2016-09-10T03:08:16Z

    NIFI-2266 Converted test handler to return 200 on GET request.
    Fixed test assertions for HTTP responses and queued flowfiles.

----


> GetHTTP and PutHTTP use hard-coded TLS protocol version
> -------------------------------------------------------
>
>                 Key: NIFI-2266
>                 URL: https://issues.apache.org/jira/browse/NIFI-2266
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 0.7.0, 0.6.1
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>              Labels: https, security, tls
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> As pointed out on the mailing list [1], the {{GetHTTP}} (and likely {{PutHTTP}}) processors use a hard-coded TLS protocol version. {{PostHTTP}} also did this and was fixed by [NIFI-1688]. 
> The same fix should apply here and unit tests already exist which can be applied to the other processors as well. 
> For future notice, {{InvokeHTTP}} is a better processor for generic HTTP operations and has supported reading the TLS protocol version from the {{SSLContextService}} for some time. 
> [1] https://lists.apache.org/thread.html/a48e2ebbc2231d685491ae6b856c760620efca5bff2c7249f915b24d@%3Cdev.nifi.apache.org%3E



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)