Posted to issues@nifi.apache.org by "lordgamez (via GitHub)" <gi...@apache.org> on 2023/06/09 13:53:15 UTC

[GitHub] [nifi-minifi-cpp] lordgamez commented on pull request #1583: MINIFICPP-1719 Replace LibreSSL with OpenSSL 3.1

lordgamez commented on PR #1583:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1583#issuecomment-1584614132

   There was an issue with `HTTPClient` when specifying a TLS version in `ListenHTTPTests` with versions lower than 1.2. The version specification was ignored because TLS versions below v1.2 are not supported by default in OpenSSL 3: https://github.com/openssl/openssl/issues/13299#issuecomment-721955354
   
   To support older TLS versions, the security level has to be lowered to 0 in the SSL context. If the security level is set to the default value, the curl options changing the minimum and maximum TLS versions are ignored. As the SSL context of the `CURL` object cannot be directly modified, it defaults to security level 1 and the `CURLOPT_SSLVERSION` change does not take effect. To circumvent this issue, we can modify the security level and the TLS version inside the function set in the `CURLOPT_SSL_CTX_FUNCTION` option, where the `SSL_CTX` object is available. This change was introduced in 67eb58112fe948432498c39cae18aec78251fd22

