[
https://issues.apache.org/jira/browse/NIFI-1480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17863911#comment-17863911
]
Shawn Dorsch edited comment on NIFI-1480 at 7/8/24 7:46 PM:
------------------------------------------------------------
We're looking for a way to limit the TLS cipher suites used by
HandleHttpRequest processor or the ListenHTTP processor, so this is still
relevant. (y)
was (Author: JIRAUSER292400):
(y)
> Allow different cipher suites configurable properties for NiFi UI &
> integrations
> --------------------------------------------------------------------------------
>
> Key: NIFI-1480
> URL: https://issues.apache.org/jira/browse/NIFI-1480
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 0.5.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: certificate, security, tls
>
> Currently NiFi uses the same collection of TLS cipher suites for both its
> role as a server and outgoing connections (i.e. {{GetHTTP}} or {{InvokeHTTP}}
> processors, etc.). This collection is not customizable or modifiable by end
> users.
> Extract these values from the application to be configurable, provide
> sensible defaults, and decouple the roles so they can be set independently
> (i.e. more restrictive and stronger cipher suites for NiFi as a server, but
> allowing weaker/fallback cipher suites for external connections to a legacy
> resource).
> [Mozilla TLS Configuration
> Tool|https://mozilla.github.io/server-side-tls/ssl-config-generator/]
> [Mozilla TLS Configuration
> Wiki|https://wiki.mozilla.org/Security/Server_Side_TLS]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
