[jira] [Commented] (NIFI-2528) Update ListenHTTP to honor SSLContextService Protocols

Tue, 25 Jul 2017 06:54:16 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16100071#comment-16100071
 ] 

ASF GitHub Bot commented on NIFI-2528:
--------------------------------------

Github user m-hogue commented on the issue:

    https://github.com/apache/nifi/pull/1986
  
    @alopresto @jskora : So i mentioned above that there were two reasons why I 
opted for this approach. Previous to this PR and confirmed by @alopresto and 
@trkurc, the protocol used by ListenHTTP was automatically negotiated with the 
client and the configured SSLContextService protocol was ignored. Since the 
fact that this is misleading and in an effort to not change processor 
communications behavior, i decided to stop the processor on startup if an 
invalid protocol was selected and log that the protocol selected wasn't 
supported with a recommendation to choose another -- this is evident from the 
screenshot i posted above. As pointed out, this will cause processors to break 
if they were configured with SSLv3, for example, prior to this change. 
Additionally, I didn't want to change the global list of selectable protocols 
in SSLContextService if only one (or a few) processor(s) impacted that list. 
That's why i attempted to localize the restriction to the one processor.
    
    So instead of breaking the processor if the SSLContextService is configured 
with a protocol that isn't supported by ListenHTTP, i see 2 options:
    
    1. If the SSLContextService is configured with something that ListenHTTP 
doesn't support, override the protocol to (possibly configured) TLSv1.2 since 
that's what it was doing previously and log a warning indicating that this 
happened. 
    2. Build another SSLContextService in which a processor can inform which 
protocols should be selectable.
    
    The second is a bit of work and perhaps outside the scope of this issue, 
but i'm happy to do whatever is recommended.


> Update ListenHTTP to honor SSLContextService Protocols
> ------------------------------------------------------
>
>                 Key: NIFI-2528
>                 URL: https://issues.apache.org/jira/browse/NIFI-2528
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.0.0, 0.8.0, 0.7.1
>            Reporter: Joe Skora
>            Assignee: Michael Hogue
>
> Update ListenHTTP to honor SSLContextService Protocols as [NIFI-1688] did for 
> PostHTTP.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to