[
https://issues.apache.org/jira/browse/NIFI-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16145942#comment-16145942
]
ASF GitHub Bot commented on NIFI-2528:
--------------------------------------
Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/1986#discussion_r135886286
--- Diff:
nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java
---
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.ssl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.nifi.annotation.documentation.CapabilityDescription;
+import org.apache.nifi.annotation.documentation.Tags;
+import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.ValidationContext;
+import org.apache.nifi.processor.util.StandardValidators;
+
+/**
+ * This class is functionally the same as {@link
StandardSSLContextService}, but it restricts the allowable
+ * values that can be selected for SSL protocols.
+ */
+@Tags({"ssl", "secure", "certificate", "keystore", "truststore", "jks",
"p12", "pkcs12", "pkcs"})
+@CapabilityDescription("Restricted implementation of the
SSLContextService. Provides the ability to configure "
+ + "keystore and/or truststore properties once and reuse that
configuration throughout the application, "
+ + "but only allows a restricted set of SSL protocols to be chosen.
The set of protocols selectable will "
+ + "evolve over time as new protocols emerge and older protocols
are deprecated. This service is recommended "
+ + "over StandardSSLContextService if a component doesn't expect to
communicate with legacy systems since it's "
+ + "unlikely that legacy systems will support these protocols.")
+public class StandardRestrictedSSLContextService extends
StandardSSLContextService implements RestrictedSSLContextService {
+
+ public static final PropertyDescriptor RESTRICTED_SSL_ALGORITHM = new
PropertyDescriptor.Builder()
+ .name("SSL Protocol")
+ .defaultValue("TLSv1.2")
--- End diff --
No, I left `.name()` the same to be backward compatible (changing the name
means that the value stored in the flow will not be retrieved on load). This is
the whole reason `.displayName()` was introduced -- it provides a human-facing
value that isn't used for value resolution.
> Update ListenHTTP to honor SSLContextService Protocols
> ------------------------------------------------------
>
> Key: NIFI-2528
> URL: https://issues.apache.org/jira/browse/NIFI-2528
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.0.0, 0.8.0, 0.7.1
> Reporter: Joe Skora
> Assignee: Michael Hogue
>
> Update ListenHTTP to honor SSLContextService Protocols as [NIFI-1688] did for
> PostHTTP.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
