[ https://issues.apache.org/jira/browse/NIFI-8523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17368967#comment-17368967 ]
ASF subversion and git services commented on NIFI-8523:
-------------------------------------------------------
Commit 115bba9ab01d432da60d1fc29359812690a5b453 in nifi's branch
refs/heads/main from Jon Kessler
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=115bba9 ]
NIFI-8523 Added SFTP algorithm and cipher properties
- Updated secure FTP processors to configure which algorithms, ciphers and
message authentication codes are allowed to be used by the SSH Client
- Included Expression Language Variable Registry support for properties
This closes #5061
Signed-off-by: David Handermann <[email protected]>
> Update secure ftp processors to allow restriction of algorithms, ciphers and
> message authentication codes
> ---------------------------------------------------------------------------------------------------------
>
> Key: NIFI-8523
> URL: https://issues.apache.org/jira/browse/NIFI-8523
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 1.13.2
> Reporter: Jon Kessler
> Assignee: Jon Kessler
> Priority: Minor
> Time Spent: 2h 50m
> Remaining Estimate: 0h
>
> The SFTPTransfer class, which is used for SSH communications by the four
> secure FTP processors (GetSFTP, ListSFTP, PutSFTP, and FetchSFTP), uses a
> Java library called net.schmizz.sshj. This library allows one to restrict
> what algorithms, ciphers and message authentication codes are used by the SSH
> client created by that library. However, SFTPTransfer is hardcoded to use the
> DefaultConfig, which uses all available options.
> I believe it would be beneficial to expose this as a matter of configuration
> via PropertyDescriptors so that if an operator chose to, they could eliminate
> options that did not fit within their desired security posture.