[
https://issues.apache.org/jira/browse/NIFI-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16099363#comment-16099363
]
ASF GitHub Bot commented on NIFI-2528:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1986
I am trying to walk the line between "make everything configurable" and
"sometimes people who don't understand this configure it". If you have a client
that only supports `SSLv3`, it won't work with `ListenHTTP` period.
* Current situation: the connection will fail, and the error presented to
the client will be some form of `INVALID PROTOCOL VERSION`. No error in NiFi.
* Proposed error on config: New flows can't start, as the processor is
invalid. Existing flows which use `SSLv3` will stop working, and the error
simply says "SSLv3 isn't valid". No open port for client to connect to, so
that's the error on that end.
* Proposed restricted list implementation: *Can't get to invalid state on
new processor config.* Existing flows which use `SSLv3` will stop working, and
the error says "SSLv3 isn't valid -- pick TLSv1.2". No open port for client to
connect to, so that's the error on that end, but the NiFi DFM at least knows a
"valid" option to report back to the external client admin/operator.
> Update ListenHTTP to honor SSLContextService Protocols
> ------------------------------------------------------
>
> Key: NIFI-2528
> URL: https://issues.apache.org/jira/browse/NIFI-2528
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.0.0, 0.8.0, 0.7.1
> Reporter: Joe Skora
> Assignee: Michael Hogue
>
> Update ListenHTTP to honor SSLContextService Protocols as [NIFI-1688] did for
> PostHTTP.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
