[ https://issues.apache.org/jira/browse/NIFI-8019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17249481#comment-17249481 ]
ASF subversion and git services commented on NIFI-8019:
-------------------------------------------------------

Commit 28ca7478d6c209f7029670dd4ced5ed9206ecc9f in nifi's branch refs/heads/main from exceptionfactory
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=28ca747 ]

NIFI-8019 Added TlsPlatform to provide runtime TLS protocol configuration

NIFI-8019 Renamed getDefaultProtocols() to getSupportedProtocols()

Signed-off-by: Nathan Gough <thena...@gmail.com>

This closes #4673.

> SSL Enabled Protocol test failures when TLSv1 and TLSv1.1 disabled in
> java.security
> -----------------------------------------------------------------------------------
>
>                 Key: NIFI-8019
>                 URL: https://issues.apache.org/jira/browse/NIFI-8019
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Security
>   Affects Versions: 1.12.1
>         Environment: Fedora 33 OpenJDK 11.0.9
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>          Time Spent: 2h 20m
>  Remaining Estimate: 0h
>
> The SslContextFactoryTest in nifi-security-utils and other test classes
> evaluate the array of enabled protocols during various unit tests after
> constructing an SSLContext. This unit test and others contain a static array
> of expected protocols that include TLSv1 and TLSv1.1.
>
> Recent versions of Java 8 and 11 continue to allow these protocols, however,
> Fedora 33 introduced changes to the default cryptographic policies that
> disable TLSv1 and TLSv1.1. The following Fedora Wiki page describes the
> changes:
>
> [https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2]
>
> The Fedora 33 _crypto-policies_ RPM includes the following policy file:
>
> /usr/share/crypto-policies/DEFAULT/java.txt
>
> The Java policy includes TLSv1 and TLSv1.1 in the property for
> jdk.tls.disabledAlgorithms. This policy is included at runtime due to the
> java.security policy enabling security.useSystemPropertiesFile.
>
> The SslContextFactoryTest and other tests that evaluate enabled SSL protocols
> should be updated to dynamically determine which protocols to expect using
> the SSLContext.getDefaultSSLParameters().getProtocols() method.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
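
The failure mode described in the issue can be reproduced on any JVM. The following is an added example, not code from the NiFi commit or from the message above: it appends TLSv1 and TLSv1.1 to jdk.tls.disabledAlgorithms (as the issue says the Fedora 33 policy does), then compares a static expected protocol list against the list read from SSLContext.getDefaultSSLParameters().getProtocols(). The class name, method names and the static list are assumptions made for illustration.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Hypothetical demo class; it is not NiFi's TlsPlatform or SslContextFactoryTest.
public class RuntimeProtocolExpectation {
    private static final String DISABLED_PROPERTY = "jdk.tls.disabledAlgorithms";

    // Append TLSv1 and TLSv1.1 to the JVM policy while keeping the existing entries.
    // Call this before any SSLContext is created: the JSSE provider reads the
    // property when it initializes, so later changes are not picked up.
    static void applyStrictPolicy() {
        String current = Security.getProperty(DISABLED_PROPERTY);
        String prefix = (current == null || current.trim().isEmpty()) ? "" : current + ", ";
        Security.setProperty(DISABLED_PROPERTY, prefix + "TLSv1, TLSv1.1");
    }

    // Protocols enabled for a new SSLContext under the current runtime policy.
    static Set<String> runtimeProtocols() throws Exception {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, null, null);
        return new LinkedHashSet<>(Arrays.asList(context.getDefaultSSLParameters().getProtocols()));
    }

    public static void main(String[] args) throws Exception {
        applyStrictPolicy();
        Set<String> actual = runtimeProtocols();

        // Constructed static expectation of the kind the issue describes.
        Set<String> staticExpected = new LinkedHashSet<>(Arrays.asList("TLSv1.2", "TLSv1.1", "TLSv1"));
        System.out.println("Enabled at runtime:       " + actual);
        System.out.println("Static expectation holds: " + actual.equals(staticExpected));

        // Policy-aware checks: no legacy protocol is enabled, and a modern one is.
        boolean legacyEnabled = actual.contains("TLSv1") || actual.contains("TLSv1.1");
        boolean modernEnabled = actual.contains("TLSv1.2") || actual.contains("TLSv1.3");
        if (legacyEnabled || !modernEnabled) {
            throw new AssertionError("Unexpected protocol set: " + actual);
        }
        System.out.println("Policy-aware expectation holds: true");
    }
}
```

On a host where the system policy already disables both protocols, the appended entries are redundant and the result is the same.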