[
https://issues.apache.org/jira/browse/NIFI-8037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nathan Gough updated NIFI-8037:
-------------------------------
Resolution: Resolved
Status: Resolved (was: Patch Available)
> Support TLS 1.3 in SSLContextService on Java 8
> ----------------------------------------------
>
> Key: NIFI-8037
> URL: https://issues.apache.org/jira/browse/NIFI-8037
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Security
> Affects Versions: 1.13.0, 1.12.1
> Environment: AdoptOpenJDK 8 Update 275 and Azul Zulu JDK 8 Update 275
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Time Spent: 1h
> Remaining Estimate: 0h
>
> The following vendors introduced support for TLS 1.3 on Java 8:
> * [Oracle JDK 8 Update
> 261|https://www.oracle.com/java/technologies/javase/8u261-relnotes.html]
> * [Azul Zulu JDK 8 Update
> 262|https://www.azul.com/keeping-network-traffic-safe-in-jdk-8-with-tls-1-3/]
> * [AdoptOpenJDK 8 Update
> 272|https://blog.adoptopenjdk.net/2020/10/adoptopenjdk-8u272-1109-and-1501-available/]
> The StandardSSLContextService and StandardRestrictedSSLContextService
> services do not support selecting TLS 1.3 when running on Java 8 due to
> [TlsConfiguration|https://github.com/apache/nifi/blob/rel/nifi-1.12.1/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java]
> class methods checking the Java runtime version and return TLSv1.2 for
> versions older than Java 11.
> Improvements to resolve unit test issues with TLS protocols in NIFI-8019
> could be leveraged to support runtime determination of supported TLS protocol
> versions. This would provide the option to select TLS 1.3 when running on
> supported versions of Java 8 and remove the need for checking the Java
> version number.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
