[ https://issues.apache.org/jira/browse/NIFI-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16145942#comment-16145942 ]
ASF GitHub Bot commented on NIFI-2528: -------------------------------------- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/1986#discussion_r135886286 --- Diff: nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java --- @@ -0,0 +1,81 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.ssl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.nifi.annotation.documentation.CapabilityDescription; +import org.apache.nifi.annotation.documentation.Tags; +import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.components.ValidationContext; +import org.apache.nifi.processor.util.StandardValidators; + +/** + * This class is functionally the same as {@link StandardSSLContextService}, but it restricts the allowable + * values that can be selected for SSL protocols. + */ +@Tags({"ssl", "secure", "certificate", "keystore", "truststore", "jks", "p12", "pkcs12", "pkcs"}) +@CapabilityDescription("Restricted implementation of the SSLContextService. Provides the ability to configure " + + "keystore and/or truststore properties once and reuse that configuration throughout the application, " + + "but only allows a restricted set of SSL protocols to be chosen. The set of protocols selectable will " + + "evolve over time as new protocols emerge and older protocols are deprecated. This service is recommended " + + "over StandardSSLContextService if a component doesn't expect to communicate with legacy systems since it's " + + "unlikely that legacy systems will support these protocols.") +public class StandardRestrictedSSLContextService extends StandardSSLContextService implements RestrictedSSLContextService { + + public static final PropertyDescriptor RESTRICTED_SSL_ALGORITHM = new PropertyDescriptor.Builder() + .name("SSL Protocol") + .defaultValue("TLSv1.2") --- End diff -- No, I left `.name()` the same to be backward compatible (changing the name means that the value stored in the flow will not be retrieved on load). This is the whole reason `.displayName()` was introduced -- it provides a human-facing value that isn't used for value resolution. > Update ListenHTTP to honor SSLContextService Protocols > ------------------------------------------------------ > > Key: NIFI-2528 > URL: https://issues.apache.org/jira/browse/NIFI-2528 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework > Affects Versions: 1.0.0, 0.8.0, 0.7.1 > Reporter: Joe Skora > Assignee: Michael Hogue > > Update ListenHTTP to honor SSLContextService Protocols as [NIFI-1688] did for > PostHTTP. -- This message was sent by Atlassian JIRA (v6.4.14#64029)