You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Troy Melhase (JIRA)" <ji...@apache.org> on 2019/04/15 20:37:00 UTC
[jira] [Commented] (NIFI-6019) Remove Trusted Hostname property
from InvokeHTTP processor
[ https://issues.apache.org/jira/browse/NIFI-6019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16818366#comment-16818366 ]
Troy Melhase commented on NIFI-6019:
------------------------------------
I'm not sure how/when to update the wiki. I think the text should be something like:
* Migrating from 1.x.x to 1.10.0
** The "Trusted Host" property was removed from the InvokeHTTP processor. Instead of using this property, administrators should repair any name resolution issues on NiFi cluster hosts, and as necessary, adjust the JDK truststore per [https://docs.oracle.com/cd/E19830-01/819-4712/ablqw/index.html].
> Remove Trusted Hostname property from InvokeHTTP processor
> ----------------------------------------------------------
>
> Key: NIFI-6019
> URL: https://issues.apache.org/jira/browse/NIFI-6019
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: 1.8.0
> Reporter: Andy LoPresto
> Assignee: Troy Melhase
> Priority: Major
> Labels: InvokeHTTP, certificate, hostname, http, security, tls
>
> The {{Trusted Hostname}} property in the {{InvokeHTTP}} processor is a legacy property created for a specific use in constrained environments. It now causes more problems than it solves ([mailing list questions|https://lists.apache.org/list.html?users@nifi.apache.org:gte=1d:trusted%20hostname]) and should not be provided as it is a security risk. Removing this property and encouraging users to correctly deploy TLS certificates when necessary is the correct path forward.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)