[NIFI-1480] Allow different cipher suites configurable properties for NiFi UI & integrations - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 0.5.0
Fix Version/s: None
Component/s: Core Framework
Labels:
- certificate
- security
- tls

Description

Currently NiFi uses the same collection of TLS cipher suites for both its role as a server and outgoing connections (i.e. GetHTTP or InvokeHTTP processors, etc.). This collection is not customizable or modifiable by end users.

Extract these values from the application to be configurable, provide sensible defaults, and decouple the roles so they can be set independently (i.e. more restrictive and stronger cipher suites for NiFi as a server, but allowing weaker/fallback cipher suites for external connections to a legacy resource).

Mozilla TLS Configuration Tool
Mozilla TLS Configuration Wiki

Attachments

Issue Links

incorporates

NIFI-1688 PostHTTP does not honor SSLContextService Protocols

Resolved

Is contained by

NIFI-5458 Improve NiFi TLS and certificate management

Resolved

is related to

NIFI-1478 Audit SSLContextFactory and SSLSocketFactory usage throughout application

Resolved

NIFI-1277 Audit current use of cryptography throughout application

Resolved

relates to

NIFI-1990 Implement consistent security controls for cluster, site-to-site, and API communications

Open

NIFI-1444 PostHTTP cannot work with public HTTPS sites

Resolved

(1 relates to)

Activity

People

Assignee:: Andy LoPresto

Reporter:: Andy LoPresto

Votes:: 2 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 04/Feb/16 02:51

Updated:: 25/Jul/18 22:38