[ https://issues.apache.org/jira/browse/NIFI-7468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17315783#comment-17315783 ]
David Handermann commented on NIFI-7468: ---------------------------------------- The following processors received and handled files when running under Java 11.0.10 with TLSv1.3: - ListenTCP - ListenTCPRecord The {{PutTCP}} processor worked with TLSv1.3, but did not terminate TLS connections properly when configured with TLSv1.3. The underlying {{SSLSocketChannelSender}} class is not closing SSLSocketChannel resources before closing the socket connection, resulting in issues on the remote server. {{SSLSocketChannelSender}} supports the following components: - PutTCP - PutSplunk - PutSyslog > Improve internal handling of SSL channels > ----------------------------------------- > > Key: NIFI-7468 > URL: https://issues.apache.org/jira/browse/NIFI-7468 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework, Extensions > Affects Versions: 1.11.4 > Reporter: Andy LoPresto > Assignee: David Handermann > Priority: Major > Labels: security, ssl, tcp, tls, tlsv1.3, udp > > While refactoring the TLS protocol version issue in NIFI-7407, I discovered > that some processors make use of NiFi custom implementations of > {{SSLSocketChannel}}, {{SSLCommsSession}}, and > {{SSLSocketChannelInputStream}}. These implementations break on TLSv1.3. > Further investigation is needed to determine why these custom implementations > were provided originally, whether they are still required, and why they do > not handle TLSv1.3 successfully. > Diagnostic error: > {code} > Error reading from channel due to Tag mismatch!: javax.net.ssl.SSLException: > Tag mismatch! > {code} -- This message was sent by Atlassian Jira (v8.3.4#803005)