Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2020/11/23 13:24:00 UTC

[jira] [Created] (NIFI-8037) Support TLS 1.3 in SSLContextService on Java 8

David Handermann created NIFI-8037:
--------------------------------------

             Summary: Support TLS 1.3 in SSLContextService on Java 8
                 Key: NIFI-8037
                 URL: https://issues.apache.org/jira/browse/NIFI-8037
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Security
    Affects Versions: 1.12.1
         Environment: AdoptOpenJDK 8 Update 275 and Azul Zulu JDK 8 Update 275
            Reporter: David Handermann
            Assignee: David Handermann


The following vendors introduced support for TLS 1.3 on Java 8:

* [Oracle JDK 8 Update 261|https://www.oracle.com/java/technologies/javase/8u261-relnotes.html]
* [Azul Zulu JDK 8 Update 262|https://www.azul.com/keeping-network-traffic-safe-in-jdk-8-with-tls-1-3/]
* [AdoptOpenJDK 8 Update 272|https://blog.adoptopenjdk.net/2020/10/adoptopenjdk-8u272-1109-and-1501-available/]

The StandardSSLContextService and StandardRestrictedSSLContextService services do not support selecting TLS 1.3 when running on Java 8 due to [TlsConfiguration|https://github.com/apache/nifi/blob/rel/nifi-1.12.1/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java] class methods checking the Java runtime version and returning TLSv1.2 for versions older than Java 11.

Improvements to resolve unit test issues with TLS protocols in NIFI-8019 could be leveraged to support runtime determination of supported TLS protocol versions.  This would provide the option to select TLS 1.3 when running on supported versions of Java 8 and remove the need for checking the Java version number.




--
This message was sent by Atlassian Jira
(v8.3.4#803005)
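
The difference between the two approaches described in the issue, as an added example that is not NiFi code and not part of the original message: a version-number check reports TLSv1.2 on every Java 8 build, while asking the default JSSE `SSLContext` for its supported protocols reports TLSv1.3 on Java 8 updates that ship it. The class name `SupportedTlsProtocols` and its method names are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Added illustration; names are hypothetical and not taken from TlsConfiguration.
public class SupportedTlsProtocols {
    // Newest first: the first entry the runtime supports is selected.
    private static final List<String> PREFERENCE = Arrays.asList("TLSv1.3", "TLSv1.2");

    // Version-number approach: decides from the Java version alone,
    // so a Java 8 build with TLS 1.3 backported still yields TLSv1.2.
    static String preferredByJavaVersion() {
        String spec = System.getProperty("java.specification.version"); // "1.8", "11", "17"
        int major = spec.startsWith("1.")
                ? Integer.parseInt(spec.substring(2))
                : Integer.parseInt(spec);
        return major >= 11 ? "TLSv1.3" : "TLSv1.2";
    }

    // Runtime approach: ask the JSSE provider what it can actually negotiate.
    static Set<String> supportedByRuntime() throws NoSuchAlgorithmException {
        Set<String> protocols = new LinkedHashSet<>();
        String[] all = SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        for (String protocol : all) {
            if (protocol.startsWith("TLSv")) { // skip SSLv3 and SSLv2Hello
                protocols.add(protocol);
            }
        }
        return protocols;
    }

    static String preferredByRuntime() throws NoSuchAlgorithmException {
        Set<String> supported = supportedByRuntime();
        for (String candidate : PREFERENCE) {
            if (supported.contains(candidate)) {
                return candidate;
            }
        }
        throw new IllegalStateException("No acceptable TLS protocol in " + supported);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        System.out.println("java.version:        " + System.getProperty("java.version"));
        System.out.println("By version check:    " + preferredByJavaVersion());
        System.out.println("Supported at runtime: " + supportedByRuntime());
        System.out.println("By runtime check:    " + preferredByRuntime());
    }
}
```

On a Java 8 update listed above the two results are expected to differ; on Java 11 and later they agree.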