Posted to dev@nifi.apache.org by Pierre Villard <pi...@gmail.com> on 2019/08/14 09:46:32 UTC

TLS Toolkit - Token length

Hey guys,

It is possible to start the TLS toolkit in server mode with a token length
below the required 16 bits. But when the client is performing the request,
it'll be denied with the message "Token does not meet minimum size of 16
bytes". Would it make sense to just prevent the TLS toolkit from starting in
server mode when the token is below 16 bytes?

Happy to file a JIRA and submit a PR, just wanted to check I'm not missing
an edge case.

Thanks,
Pierre

Re: TLS Toolkit - Token length

Posted by Pierre Villard <pi...@gmail.com>.
Hi Andy,

Thanks for your feedback. I filed a JIRA [1] and will work on a PR.

[1] https://issues.apache.org/jira/browse/NIFI-6571

On Wed, Aug 14, 2019 at 19:08, Andy LoPresto <al...@apache.org> wrote:

> Hi Pierre,
>
> I think you are 100% correct that this would be a significant
> improvement. I am in the midst of refactoring the TLS Toolkit completely
> [1], so this is something I will keep in mind for that overhaul. In the
> meantime, if you would like to file a Jira and submit a PR for the current
> instance, that would be helpful to people. Please link the Jira to this
> epic [2] where I am tracking a lot of interrelated TLS improvements.
>
> [1] https://issues.apache.org/jira/browse/NIFI-5462
> [2] https://issues.apache.org/jira/browse/NIFI-5458
>
> Andy LoPresto
> alopresto@apache.org
> alopresto.apache@gmail.com
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>
> > On Aug 14, 2019, at 2:46 AM, Pierre Villard <pi...@gmail.com> wrote:
> >
> > Hey guys,
> >
> > It is possible to start the TLS toolkit in server mode with a token length
> > below the required 16 bits. But when the client is performing the request,
> > it'll be denied with the message "Token does not meet minimum size of 16
> > bytes". Would it make sense to just prevent the TLS toolkit from starting in
> > server mode when the token is below 16 bytes?
> >
> > Happy to file a JIRA and submit a PR, just wanted to check I'm not missing
> > an edge case.
> >
> > Thanks,
> > Pierre
>
>

Re: TLS Toolkit - Token length

Posted by Andy LoPresto <al...@apache.org>.
Hi Pierre, 

I think you are 100% correct that this would be a significant improvement. I am in the midst of refactoring the TLS Toolkit completely [1], so this is something I will keep in mind for that overhaul. In the meantime, if you would like to file a Jira and submit a PR for the current instance, that would be helpful to people. Please link the Jira to this epic [2] where I am tracking a lot of interrelated TLS improvements.

[1] https://issues.apache.org/jira/browse/NIFI-5462
[2] https://issues.apache.org/jira/browse/NIFI-5458

Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Aug 14, 2019, at 2:46 AM, Pierre Villard <pi...@gmail.com> wrote:
> 
> Hey guys,
> 
> It is possible to start the TLS toolkit in server mode with a token length
> below the required 16 bits. But when the client is performing the request,
> it'll be denied with the message "Token does not meet minimum size of 16
> bytes". Would it make sense to just prevent the TLS toolkit from starting in
> server mode when the token is below 16 bytes?
> 
> Happy to file a JIRA and submit a PR, just wanted to check I'm not missing
> an edge case.
> 
> Thanks,
> Pierre