Github user jskora commented on the issue:
https://github.com/apache/nifi/pull/1986
I don't want to complicate this, but I feel like I must be missing
something.
As much as possible, the validation at configuration time should provide
the user feedback, not failure upon execution. So,
- SSLContextService should only allow selection of supported protocols, if
SSLv3 will not work it should be removed from the list, and
- if we need SSLv3 in some places we either need 2 variations of
SSLContextService like @alopresto mentioned earlier or the ability to configure
and query the security level so processors requiring only the higher security
protocols can invalidate in the GUI (before execution) if provided a less
secure service.
Does that make sense?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
