Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-1478

Audit SSLContextFactory and SSLSocketFactory usage throughout application

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Critical
    • Resolution: Implemented
    • 0.5.0
    • None
    • Core Framework

    Description

      The internal use of SSLSocketFactory and SSLContextFactory is inconsistent, as the application has grown around the concept of secure communications. NiFi can act as both a server and as a client for communications, and the default configuration should make it easy for new users to quickly secure the application for incoming and outgoing connections.

      In addition, SSLSocketFactory has some inconsistencies and idiosyncrasies which may confuse users [1].

      [1] http://stackoverflow.com/a/23365536/70465

      Attachments

        Issue Links

          incorporates

          Bug - A problem which impairs or prevents the functions of the product. NIFI-5623 Update all usage of Okhttp to latest library

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NIFI-1504 InvokeHttp hits NPE if target system doesn't respond with proper HTTPS Headers

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Resolved
          Is contained by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. NIFI-5458 Improve NiFi TLS and certificate management

          • Major - Major loss of function.
          • Resolved
          is depended upon by

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-1995 Support keystores with multiple certificates by exposing alias selection in configuration

          • Major - Major loss of function.
          • Open
          is related to

          Sub-task - The sub-task of the issue NIFI-5176 NiFi needs to be buildable on Java 11

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. NIFI-1990 Implement consistent security controls for cluster, site-to-site, and API communications

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. NIFI-2930 SSLContextFactory throws Exception when Keystore password differs from Key password

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. NIFI-1444 PostHTTP cannot work with public HTTPS sites

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NIFI-1688 PostHTTP does not honor SSLContextService Protocols

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-1480 Allow different cipher suites configurable properties for NiFi UI & integrations

          • Major - Major loss of function.
          • Open

          Task - A task that needs to be done. NIFI-1525 Audit use of private keys throughout application

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              alopresto Andy LoPresto
              alopresto Andy LoPresto
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 336h
                  336h
                  Remaining:
                  Remaining Estimate - 336h
                  336h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified