Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/07/09 06:33:11 UTC

[jira] [Commented] (NIFI-1688) PostHTTP does not honor SSLContextService Protocols

    [ https://issues.apache.org/jira/browse/NIFI-1688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15368969#comment-15368969 ] 

ASF GitHub Bot commented on NIFI-1688:
--------------------------------------

GitHub user alopresto opened a pull request:

    https://github.com/apache/nifi/pull/624

    NIFI-1688 PostHTTP processor now uses protocol specified by SSLContextService

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/alopresto/nifi NIFI-1688

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/624.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #624
    
----
commit 4222d354c14d939f429fb6176cb3b9499b4861ad
Author: Andy LoPresto <al...@apache.org>
Date:   2016-06-21T22:31:56Z

    NIFI-1688 Added test skeleton.

commit dcfb41e48738d101e4676b60300ffa33c8c68c07
Author: Andy LoPresto <al...@apache.org>
Date:   2016-06-21T22:32:54Z

    NIFI-1688 Cleaned up unnecessary imports.

commit 8ef7bfd9af60b78db05f8620a5ea0a8b0dc9f44b
Author: Andy LoPresto <al...@apache.org>
Date:   2016-06-23T03:52:37Z

    NIFI-1688 Implemented integration test that generates key pair, inserts into and persists keystore, starts embedded HTTPS Jetty server, connects, and verifies response.
    
    Currently only TLSv1.2 connections are successful because of the overlap of cipher suites.
    
    Will manually insert cipher suites into server for TLSv1 and TLSv1.1 support.

commit de1c9d1680033cc38a0c3b330da44866ae91e07d
Author: Andy LoPresto <al...@apache.org>
Date:   2016-06-23T15:13:08Z

    NIFI-1688 Added debug information for supported cipher suites.

commit a7ec6814878974033a944f9635348372f79b4832
Author: Andy LoPresto <al...@apache.org>
Date:   2016-06-24T01:01:28Z

    NIFI-1688 Added test Groovlet for handling POST requests.
    Modified construction of SSLSocketFactory to avoid hardcoding supported protocol.
    Added integration tests (2 of 4 pass -- TLSv1.2 is supported on my machine but TLSv1 and TLSv1.1 are not).

commit 4b3955155a0cd8631594cc38065266f7a66d8058
Author: Andy LoPresto <al...@apache.org>
Date:   2016-06-24T03:43:04Z

    NIFI-1688 Resolved issue in PostHTTP -- now uses SSLContextService's protocol setting.
    Tests pass (require cleanup). Previously, dynamically-generated keystores with only RSA certificates were not acceptable for TLSv1 or TLSv1.1 connections which required DSA/DSS cipher suites for some reason.

commit 66472854b7c01ec7a38d15507860a1320c1ac062
Author: Andy LoPresto <al...@apache.org>
Date:   2016-06-24T03:48:16Z

    NIFI-1688 Tests pass (cleanup still required).

commit f0fd38e4d3a0cd76459a343930e623c1cd667b10
Author: Andy LoPresto <al...@apache.org>
Date:   2016-06-29T22:41:32Z

    NIFI-1688 Tests pass (cleanup still required).

commit 850fc8183820a95570df5187c0856060ca10f112
Author: Andy LoPresto <al...@apache.org>
Date:   2016-07-09T06:13:35Z

    NIFI-1688 Finished integration tests for PostHTTP processor.

commit c741043ee901e92858fcd08297bb8758139da6d1
Author: Andy LoPresto <al...@apache.org>
Date:   2016-07-09T06:29:32Z

    NIFI-1688 Removed legacy comments.
    Added ASF license to Groovlet handlers for test.

----


> PostHTTP does not honor SSLContextService Protocols
> ---------------------------------------------------
>
>                 Key: NIFI-1688
>                 URL: https://issues.apache.org/jira/browse/NIFI-1688
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Extensions
>            Reporter: Aldrin Piri
>            Assignee: Andy LoPresto
>
> As per:
> https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PostHTTP.java#L391
> the SSLConnectionSocketFactory is hardcoded to use TLSv1 making connections impossible to some endpoints requiring TLSv1.1 or higher.



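The hardcoded-protocol pattern described in the issue, next to a version that derives the protocol list from the configured `SSLContext`, as an added plain-JSSE example (not code from the NiFi pull request). The class and method names are hypothetical, and the `TLSv1.2` context is a constructed stand-in for whatever the operator selected in the SSL context service.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;

public class ProtocolSelectionDemo {

    // Pattern from the issue: the protocol list is a constant, so the
    // operator's configured protocol never reaches the connection.
    static String[] hardcodedProtocols() {
        return new String[] {"TLSv1"};
    }

    // Corrected pattern (assumed shape): take the list from the context.
    // A generic "TLS"/"SSL"/"Default" context means "negotiate", so keep
    // the JVM's enabled defaults rather than pinning a single version.
    static String[] protocolsFrom(SSLContext ctx) {
        String p = ctx.getProtocol();
        if (p.equals("TLS") || p.equals("SSL") || p.equals("Default")) {
            return ctx.getDefaultSSLParameters().getProtocols();
        }
        return new String[] {p};
    }

    // Protocol versions a client engine built from ctx is configured to allow.
    // The same String[] is what an HTTP client's socket factory would receive
    // as its "supported protocols" argument.
    static String[] allowed(SSLContext ctx, String[] protocols) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        // Throws IllegalArgumentException if the JVM does not know the name.
        engine.setEnabledProtocols(protocols);
        return engine.getEnabledProtocols();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the operator's configured protocol.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default key/trust managers

        System.out.println("configured: " + ctx.getProtocol());
        System.out.println("hardcoded : "
                + Arrays.toString(allowed(ctx, hardcodedProtocols())));
        System.out.println("derived   : "
                + Arrays.toString(allowed(ctx, protocolsFrom(ctx))));
    }
}
```

With the hardcoded list the engine allows only `TLSv1` even though the context was created for `TLSv1.2`, which is why endpoints requiring TLSv1.1 or higher could not be reached.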