Andy, Thanks for the explanation.
On Fri, Mar 24, 2017 at 4:00 PM Andy LoPresto <[email protected]> wrote:

> Juan,
>
> I believe that the underlying Jetty server for ListenHTTP will not support
> SSLv3. NiFi 1.1.1 uses Jetty 9.3.9.v20160517, and Jetty versions going back
> to at least 9.2 disable SSLv3. In addition, I believe Java 8_31 also
> disables SSLv3 [1]. To make this work (and for the record, I strongly
> discourage it), you would need to override the JRE security settings and
> write custom code to initialize Jetty with SSLv3.
>
> [1] https://dev.eclipse.org/mhonarc/lists/jetty-users/msg05703.html
>
>
> Andy LoPresto
> [email protected]
> *[email protected] <[email protected]>*
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
>
> On Mar 24, 2017, at 12:53 PM, Juan Sequeiros <[email protected]> wrote:
>
> Hello all,
>
> I am trying to force SSLv3 on a ListenHTTP.
>
> I've changed that on my StandardSSLContextService but when I test it
> fails when I specify sslv3 and works when I specify tlsv1 **** curl example.
>
> Similar thing if NIFI * postHTTP inside same canvas to myself. Works fine
> if StandardSSLContextService is set to TLS ( both listen and post are
> using same SSLContextService ) it fails if I change it to SSLv3
>
> I've also looked to make sure the macro JAVA java.security is not blocking
> me but that does not have any "SSL" on ~JAVA_INSTALL/security/java.security
>
> jdk.tls.disabledAlgorithms=RC4, MD5withRSA, DH keySize < 768
>
> Any suggestions?
>
> My test is using curl:
>
> Command that works:
>
> curl -H "filename:test.txt" -H "some.attribute:nifiTest" -k --cert
> myServerCert --key MyServer.key -d @some/file --location-trusted
> --location https://someServer:5555/contentListener
> <https://someserver:5555/contentListener> --tlsv1 -vvv
>
> Command that does not:
>
> curl -H "filename:test.txt" -H "some.attribute:nifiTest" -k --cert
> myServerCert --key MyServer.key -d @some/file --location-trusted
> --location https://someServer:5555/contentListener
> <https://someserver:5555/contentListener> --sslv3 -vvv
