Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/06/24 16:53:00 UTC

[jira] [Commented] (NIFI-8523) Update secure ftp processors to allow restriction of algorithms, ciphers and message authentication codes

    [ https://issues.apache.org/jira/browse/NIFI-8523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17368967#comment-17368967 ] 

ASF subversion and git services commented on NIFI-8523:
-------------------------------------------------------

Commit 115bba9ab01d432da60d1fc29359812690a5b453 in nifi's branch refs/heads/main from Jon Kessler
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=115bba9 ]

NIFI-8523 Added SFTP algorithm and cipher properties

- Updated secure FTP processors to configure which algorithms, ciphers and message authentication codes are allowed to be used by the SSH Client
- Included Expression Language Variable Registry support for properties

This closes #5061

Signed-off-by: David Handermann <ex...@apache.org>


> Update secure ftp processors to allow restriction of algorithms, ciphers and message authentication codes
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-8523
>                 URL: https://issues.apache.org/jira/browse/NIFI-8523
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.13.2
>            Reporter: Jon Kessler
>            Assignee: Jon Kessler
>            Priority: Minor
>          Time Spent: 2h 50m
>  Remaining Estimate: 0h
>
> The SFTPTransfer class, which is used for SSH communications by the four secure ftp processors (GetSFTP, ListSFTP, PutSFTP, and FetchSFTP), uses a Java library called net.schmizz.sshj. This library allows one to restrict what algorithms, ciphers and message authentication codes are used by the SSH client created by that library. However, SFTPTransfer is hardcoded to use the DefaultConfig which uses all available options.
> I believe it would be beneficial to expose this as a matter of configuration via PropertyDescriptors so that if an operator chose to, they could eliminate options that did not fit within their desired security posture.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)