Details
- Improvement
- Status: Open
- Major
- Resolution: Unresolved
- 0.5.0
- None
Description
Currently NiFi uses the same collection of TLS cipher suites both in its role as a server and for outgoing connections (e.g. the GetHTTP or InvokeHTTP processors). This collection is not customizable or modifiable by end users.
Extract these values from the application so that they are configurable, provide sensible defaults, and decouple the two roles so they can be set independently (e.g. more restrictive and stronger cipher suites for NiFi as a server, while allowing weaker/fallback cipher suites for external connections to a legacy resource).
Mozilla TLS Configuration Tool
Mozilla TLS Configuration Wiki
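A sketch of the decoupling requested above, using only the standard JSSE API; this is an added example, not NiFi code. The class name, the two suite lists and the helper methods are hypothetical, and the lists are constructed sample policies rather than recommended defaults.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class RoleCipherSuites {
    // Constructed sample policies; a real deployment would read them from configuration.
    static final List<String> SERVER_SUITES = List.of(
            "TLS_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
    static final List<String> CLIENT_SUITES = List.of(
            "TLS_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_RSA_WITH_AES_128_CBC_SHA"); // fallback for a legacy peer

    // Keep the configured order, drop suites this JVM cannot negotiate, fail closed if none remain.
    static String[] resolve(List<String> configured, SSLContext ctx) {
        Set<String> supported = new LinkedHashSet<>(
                Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        String[] usable = configured.stream().filter(supported::contains).toArray(String[]::new);
        if (usable.length == 0) {
            throw new IllegalStateException("No configured cipher suite is supported by this JVM");
        }
        return usable;
    }

    static SSLEngine engineFor(SSLContext ctx, boolean clientMode, List<String> configured) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(clientMode);
        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(resolve(configured, ctx));
        params.setUseCipherSuitesOrder(!clientMode); // server enforces its own preference order
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("server: " + Arrays.toString(
                engineFor(ctx, false, SERVER_SUITES).getEnabledCipherSuites()));
        System.out.println("client: " + Arrays.toString(
                engineFor(ctx, true, CLIENT_SUITES).getEnabledCipherSuites()));
    }
}
```

A suite that the JVM has disabled through its security properties may be filtered out of the supported set, so the printed lists can be shorter than the configured ones.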
Issue Links
- incorporates
  - NIFI-1688 PostHTTP does not honor SSLContextService Protocols (Resolved)
- is contained by
  - NIFI-5458 Improve NiFi TLS and certificate management (Resolved)
- is related to
  - NIFI-1478 Audit SSLContextFactory and SSLSocketFactory usage throughout application (Resolved)
  - NIFI-1277 Audit current use of cryptography throughout application (Resolved)
- relates to
  - NIFI-1990 Implement consistent security controls for cluster, site-to-site, and API communications (Open)
  - NIFI-1444 PostHTTP cannot work with public HTTPS sites (Resolved)