As the subject line says, we're getting a weird error when trying to
migrate to RHEL8. We're already on Java 11 on RHEL7, but for some reason
NiFi is running into problems instantiating a TLSv1.3 SSLContext.
Does anyone have any suggestions on what could be happening here?
Can you add the error here for more context?
On Aug 15, 2023 at 9:38 AM -0400, Mike Thomsen , wrote:
> As the subject line says, we're getting a weird error when trying to migrate
> to RHEL8. We're already on Java 11 on RHEL7, but for some reason NiFi is
> running into problems instantiating a TL
Roughly copy-pasta: "ERROR o.anifi.security.util.SslContextFactory
Encountered an error creating SSLContext from TLSConfiguration
[TlsConfiguration]keystorePath.protocol=TLSv1.3): TLSv1.3 SSLContext
not available"
Can't copy and paste because it's on a client's network.
On Tue, Aug 15, 2023 a
Mike,
It sounds like the problem could be related to the specific Java vendor and
version, or related to Java Security settings.
Java 8 Update 261 [1] and following include TLSv1.3, and Java 11 also
includes TLSv1.3 as you noted. However, the java.security configuration can
disable specific TLS v
Well there you go. This does not sound like a NiFi issue.
If you were using the default locations for the trust/keystore, those
may have changed going from RHEL7 to RHEL8. Change your configuration
to match the location of the trust/keystore on your RHEL8 system.
On 8/15/2023 8:43 AM, Mike
I had similar thoughts and told them to start working with different
flavors of Java 11.
Thanks,
Mike
On Tue, Aug 15, 2023 at 10:03 AM David Handermann <
exceptionfact...@apache.org> wrote:
> Mike,
>
> It sounds like the problem could be related to the specific Java vendor
> and version, or rel
You might check if your RHEL8 was installed with FIPS mode enabled
(fips-mode-setup --check). FIPS can limit available ciphers which would
affect TLS in Java.
-- Mike
On Tue, Aug 15, 2023 at 1:38 PM Mike Thomsen wrote:
> I had similar thoughts and told them to start working with different
> f
