The SslContextFactoryTest in nifi-security-utils and other test classes evaluate the array of enabled protocols during various unit tests after constructing an SSLContext. This unit test and others contain a static array of expected protocols that include TLSv1 and TLSv1.1.
Recent versions of Java 8 and 11 continue to allow these protocols, however, Fedora 33 introduced changes to the default cryptographic policies that disable TLSv1 and TLSv1.1. The following Fedora Wiki page describes the changes:
The Fedora 33 crypto-policies RPM includes the following policy file:
The Java policy includes TLSv1 and TLSv1.1 in the property for jdk.tls.disabledAlgorithms. This policy is included at runtime due to the java.security policy enabling security.useSystemPropertiesFile.
The SslContextFactoryTest and other tests that evaluate enabled SSL protocols should be updated to dynamically determine which protocols to expect using the SSLContext.getDefaultSSLParameters().getProtocols() method.