Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1986
I am trying to walk the line between "make everything configurable" and
"sometimes people who don't understand this configure it". If you have a client
that only supports `SSLv3`, it won't work with `ListenHTTP` period.
* Current situation: the connection will fail, and the error presented to
the client will be some form of `INVALID PROTOCOL VERSION`. No error in NiFi.
* Proposed error on config: New flows can't start, as the processor is
invalid. Existing flows which use `SSLv3` will stop working, and the error
simply says "SSLv3 isn't valid". No open port for client to connect to, so
that's the error on that end.
* Proposed restricted list implementation: *Can't get to invalid state on
new processor config.* Existing flows which use `SSLv3` will stop working, and
the error says "SSLv3 isn't valid -- pick TLSv1.2". No open port for client to
connect to, so that's the error on that end, but the NiFi DFM at least knows a
"valid" option to report back to the external client admin/operator.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
