[NIFI-8037] Support TLS 1.3 in SSLContextService on Java 8 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Resolved
Affects Version/s: 1.13.0, 1.12.1
Fix Version/s: None
Component/s: Security
Labels:
None
Environment:
AdoptOpenJDK 8 Update 275 and Azul Zulu JDK 8 Update 275

Description

The following vendors introduced support for TLS 1.3 on Java 8:

The StandardSSLContextService and StandardRestrictedSSLContextService services do not support selecting TLS 1.3 when running on Java 8 due to TlsConfiguration class methods checking the Java runtime version and return TLSv1.2 for versions older than Java 11.

Improvements to resolve unit test issues with TLS protocols in ~~NIFI-8019~~ could be leveraged to support runtime determination of supported TLS protocol versions. This would provide the option to select TLS 1.3 when running on supported versions of Java 8 and remove the need for checking the Java version number.

Attachments

Issue Links

fixes

NIFI-7662 Add unit tests for Java 8 update 262 TLS v1.3 handling for different vendors

Resolved

is related to

NIFI-8019 SSL Enabled Protocol test failures when TLSv1 and TLSv1.1 disabled in java.security

Resolved

relates to

NIFI-6563 Add support for TLSv1.3 when running on Java 11

Resolved

links to

GitHub Pull Request #4827

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Nov/20 13:23

Updated:: 19/Jul/21 19:35

Resolved:: 24/May/21 04:48

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: