[ https://issues.apache.org/jira/browse/NIFI-7468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17315783#comment-17315783 ]

David Handermann commented on NIFI-7468:
----------------------------------------

The following processors received and handled files when running under Java 
11.0.10 with TLSv1.3:

- ListenTCP
- ListenTCPRecord

The {{PutTCP}} processor worked with TLSv1.3, but did not terminate TLS 
connections properly when configured with TLSv1.3. The underlying 
{{SSLSocketChannelSender}} class is not closing SSLSocketChannel resources 
before closing the socket connection, resulting in issues on the remote server. 
{{SSLSocketChannelSender}} supports the following components:

- PutTCP
- PutSplunk
- PutSyslog

> Improve internal handling of SSL channels
> -----------------------------------------
>
>                 Key: NIFI-7468
>                 URL: https://issues.apache.org/jira/browse/NIFI-7468
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework, Extensions
>    Affects Versions: 1.11.4
>            Reporter: Andy LoPresto
>            Assignee: David Handermann
>            Priority: Major
>              Labels: security, ssl, tcp, tls, tlsv1.3, udp
>
> While refactoring the TLS protocol version issue in NIFI-7407, I discovered 
> that some processors make use of NiFi custom implementations of 
> {{SSLSocketChannel}}, {{SSLCommsSession}}, and 
> {{SSLSocketChannelInputStream}}. These implementations break on TLSv1.3. 
> Further investigation is needed to determine why these custom implementations 
> were provided originally, whether they are still required, and why they do 
> not handle TLSv1.3 successfully. 
> Diagnostic error:
> {code}
> Error reading from channel due to Tag mismatch!: javax.net.ssl.SSLException: 
> Tag mismatch!
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
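
The comment above reports that the TLS layer was not closed before the socket. The following added example, which is not NiFi's code or the change made for NIFI-7468, shows that ordering with the standard JSSE {{SSLEngine}} API: queue the close_notify alert, flush it to the transport, and only then close the transport. The class {{TlsOrderlyClose}} and method {{closeTls}} are hypothetical names, and a blocking transport channel is assumed.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.Channels;
import java.nio.channels.WritableByteChannel;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;

// Added illustration; class and method names are hypothetical, not NiFi code.
public class TlsOrderlyClose {

    /** Flushes the TLS close_notify alert, then closes the transport. Returns bytes written. */
    static int closeTls(SSLEngine engine, WritableByteChannel transport) throws IOException {
        ByteBuffer empty = ByteBuffer.allocate(0);
        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        int sent = 0;
        try {
            engine.closeOutbound();                      // queue the close_notify alert
            while (!engine.isOutboundDone()) {
                net.clear();
                SSLEngineResult result = engine.wrap(empty, net);
                if (result.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    throw new IOException("network buffer too small for close_notify");
                }
                net.flip();
                while (net.hasRemaining()) {             // assumes a blocking channel
                    sent += transport.write(net);
                }
                if (result.bytesProduced() == 0) {
                    break;                               // nothing left to flush; do not spin
                }
            }
        } finally {
            transport.close();                           // transport goes down last, even on error
        }
        return sent;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: an in-memory sink stands in for the socket channel.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        int sent = closeTls(engine, Channels.newChannel(wire));
        System.out.println("bytes written before transport close: " + sent);
        System.out.println("outbound done: " + engine.isOutboundDone());
    }
}
```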
