You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Martin Zink (Jira)" <ji...@apache.org> on 2021/01/25 13:33:00 UTC
[jira] [Commented] (MINIFICPP-1453) Ability to disable older TLS
versions in MiNiFi C++ agents
[ https://issues.apache.org/jira/browse/MINIFICPP-1453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17271309#comment-17271309 ]
Martin Zink commented on MINIFICPP-1453:
----------------------------------------
After investigating this issue, it turns out that currently only TLS protocol v1.2 is supported.
This is hard coded in the [TLSSocket class|https://github.com/apache/nifi-minifi-cpp/blob/9d0743cd84a46eb120a9b29566ced9905c682f31/libminifi/src/io/tls/TLSSocket.cpp#L74]
I've added a couple integration tests to verify this behaviour in https://github.com/apache/nifi-minifi-cpp/pull/978
> Ability to disable older TLS versions in MiNiFi C++ agents
> ----------------------------------------------------------
>
> Key: MINIFICPP-1453
> URL: https://issues.apache.org/jira/browse/MINIFICPP-1453
> Project: Apache NiFi MiNiFi C++
> Issue Type: Improvement
> Reporter: Martin Zink
> Assignee: Martin Zink
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Currently on minifi C++ agents communication with C2 using older TLS security protocols (e.g. TLS v1, TLS v1.1) cannot be explicitly disabled. (unlike on the java agents where this can be achieved with the _nifi.minifi.security.ssl.protocol_ config parameter)
> This might be a security requirement for various use-cases.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)