Hi Pierre,

I think you are 100% correct that this would be a significant improvement. I am in the midst of refactoring the TLS Toolkit completely [1], so this is something I will keep in mind for that overhaul. In the meantime, if you would like to file a Jira and submit a PR for the current instance, that would be helpful to people. Please link the Jira to this epic [2] where I am tracking a lot of interrelated TLS improvements.

[1] https://issues.apache.org/jira/browse/NIFI-5462
[2] https://issues.apache.org/jira/browse/NIFI-5458

Andy LoPresto
[email protected]
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69

> On Aug 14, 2019, at 2:46 AM, Pierre Villard <[email protected]> wrote:
>
> Hey guys,
>
> It is possible to start the TLS toolkit in server mode with a token length
> below the required 16 bits. But when the client is performing the request,
> it'll be denied with the message "Token does not meet minimum size of 16
> bytes". Would it make sense to just prevent the TLS toolkit from starting in
> server mode when the token is below 16 bytes?
>
> Happy to file a JIRA and submit a PR, just wanted to check I'm not missing
> an edge case.
>
> Thanks,
> Pierre
