[
https://issues.apache.org/jira/browse/NIFI-8523?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann resolved NIFI-8523.
------------------------------------
Fix Version/s: 1.14.0
Resolution: Fixed
> Update secure ftp processors to allow restriction of algorithms, ciphers and
> message authentication codes
> ---------------------------------------------------------------------------------------------------------
>
> Key: NIFI-8523
> URL: https://issues.apache.org/jira/browse/NIFI-8523
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 1.13.2
> Reporter: Jon Kessler
> Assignee: Jon Kessler
> Priority: Minor
> Fix For: 1.14.0
>
> Time Spent: 3h
> Remaining Estimate: 0h
>
> The SFTPTransfer class, which is used for SSH communications by the four
> secure ftp processors (GetSFTP, ListSFTP, PutSFTP, and FetchSFTP), uses a
> java library called net.schmizz.sshj. This library allows one to restrict
> what algorithms, ciphers and message authentication codes are used by the ssh
> client created by that library. However SFTPTransfer is hardcoded to use the
> DefaultConfig which uses all available options.
> I believe it would be beneficial to expose this as a matter of configuration
> via PropertyDescriptors so that if an operator chose to they could eliminate
> options that did not fit within their desired security posture.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
