Jon Kessler created NIFI-8523:
---------------------------------
Summary: Update secure ftp processors to allow restriction of
algorithms, ciphers and message authentication codes
Key: NIFI-8523
URL: https://issues.apache.org/jira/browse/NIFI-8523
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework
Affects Versions: 1.13.2
Reporter: Jon Kessler
Assignee: Jon Kessler

The SFTPTransfer class, which is used for SSH communications by the four secure
FTP processors (GetSFTP, ListSFTP, PutSFTP, and FetchSFTP), uses a Java library
called net.schmizz.sshj. This library allows one to restrict what algorithms,
ciphers and message authentication codes are used by the SSH client created by
that library. However, SFTPTransfer is hardcoded to use the DefaultConfig, which
uses all available options.

I believe it would be beneficial to expose this as a matter of configuration
via PropertyDescriptors so that if an operator chose to, they could eliminate
options that did not fit within their desired security posture.
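
The restriction described in the issue, sketched as an added example that is not NiFi's or the reporter's code: it starts from sshj's DefaultConfig and keeps only the key exchange, cipher and MAC factories named on an operator-supplied allow-list. The class name, the `restrict` and `build` helpers and the sample allow-lists are hypothetical; it assumes sshj is on the classpath.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

import net.schmizz.sshj.DefaultConfig;
import net.schmizz.sshj.common.Factory;

public class RestrictedSshConfig {

    // Keep only the factories whose SSH algorithm name is on the allow-list.
    static <T> List<Factory.Named<T>> restrict(List<Factory.Named<T>> available,
                                               Set<String> allowed, String kind) {
        if (allowed.isEmpty()) {
            return available; // nothing configured: keep the library defaults
        }
        List<Factory.Named<T>> kept = available.stream()
                .filter(f -> allowed.contains(f.getName()))
                .collect(Collectors.toList());
        if (kept.isEmpty()) {
            // Fail closed: a typo in the allow-list must not leave the client
            // with an empty proposal or silently fall back to every algorithm.
            throw new IllegalArgumentException(
                    "No supported " + kind + " in allow-list " + allowed);
        }
        return kept;
    }

    // Build a config whose negotiation proposals contain only allowed names.
    static DefaultConfig build(Set<String> kex, Set<String> ciphers, Set<String> macs) {
        DefaultConfig config = new DefaultConfig();
        config.setKeyExchangeFactories(
                restrict(config.getKeyExchangeFactories(), kex, "key exchange"));
        config.setCipherFactories(restrict(config.getCipherFactories(), ciphers, "cipher"));
        config.setMACFactories(restrict(config.getMACFactories(), macs, "MAC"));
        return config;
    }

    public static void main(String[] args) {
        // Constructed sample allow-lists; an operator would supply these as properties.
        DefaultConfig config = build(
                Set.of("curve25519-sha256", "diffie-hellman-group-exchange-sha256"),
                Set.of("aes256-ctr", "aes128-ctr"),
                Set.of("hmac-sha2-256", "hmac-sha2-512"));
        // Print what the client would now offer; pass config to new SSHClient(config).
        config.getKeyExchangeFactories().forEach(f -> System.out.println("kex: " + f.getName()));
        config.getCipherFactories().forEach(f -> System.out.println("cipher: " + f.getName()));
        config.getMACFactories().forEach(f -> System.out.println("mac: " + f.getName()));
    }
}
```

The names that survive filtering depend on the sshj version and the JCE providers available, so printing the resulting lists is a quick check that the configured posture is what the client will actually negotiate.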