thenatog edited a comment on pull request #4263: URL: https://github.com/apache/nifi/pull/4263#issuecomment-628899529
Looks like there's currently a test error for JDK11. My testing: Java 8 - Secure cluster - ListenHTTP - InvokeHTTP - Checked TLS negotiation for cluster comms data (cluster.node.protocol.port) with Wireshark which was TLSv1.2 - Clustered Site to Site back to the same cluster (had errors) - openssl s_client protocol version tests: https://docs.google.com/spreadsheets/d/1Vm17iqMdaPkqKtIYjGBUxG_TtRcdzhFRBnr_kaVTBVg/edit?usp=sharing Java 11 - Secure cluster - ListenHTTP - InvokeHTTP - Checked TLS negotiation for cluster comms data (cluster.node.protocol.port) with Wireshark which was TLSv1.2 - Clustered Site to Site back to the same cluster (had errors) - openssl s_client protocol version tests: https://docs.google.com/spreadsheets/d/1Vm17iqMdaPkqKtIYjGBUxG_TtRcdzhFRBnr_kaVTBVg/edit?usp=sharing Saw errors with site to site when using the HTTP protocol. I'm not certain if it's related to these changes or not: `"2020-05-14 15:16:06,799 WARN [Timer-Driven Process Thread-9] o.apache.nifi.remote.client.PeerSelector Could not communicate with node0.com:9551 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node0.com> doesn't match any of the subject alternative names: [node1.com]"` It's possible these errors only happen for a cluster hosted on the same machine/localhost. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
