ijokarumawak commented on a change in pull request #3404: [WIP] NIFI-5176 Java 11 Build Compatibility
URL: https://github.com/apache/nifi/pull/3404#discussion_r301470472
##########
File path:
nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java
##########
@@ -888,7 +888,7 @@ public SSLContext getSslContext() {
if (keyManagerFactory != null && trustManagerFactory != null) {
try {
// initialize the ssl context
- final SSLContext sslContext =
SSLContext.getInstance("TLS");
+ final SSLContext sslContext =
SSLContext.getInstance("TLSv1.2"); // FIXME TLSv1.3 not working under Java 11,
setting explicitly to TLSv1.2 works.
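Review bot: The replacement line hard-codes "TLSv1.2" in SSLContext.getInstance(...) for every caller of getSslContext(), while the FIXME only says TLSv1.3 is not working under Java 11 and names neither the failing component nor a tracking issue. Consider keeping getInstance("TLS") and limiting the protocol only on the client path that actually fails, or making the protocol configurable, and reference a tracking issue in the FIXME so the pin can be removed once the underlying problem is fixed.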
Review comment:
While TLSv1.3 doesn't work with TestHTTPClient, other tests such as
TestHttpNotificationServiceSSL work with TLSv1.3. I suspect the difference
comes from the library S2S HTTPClient uses, Apache HttpAsyncClient.
Apache HTTP Client 5.0's release note has a note 'Resolved compatibility
issues with TLS 1.3 engine shipped with Java 11'. Even if Apache HTTP Client
5.0 gets released, it may take more time for Apache HttpAsyncClient to have the
same fix.
https://archive.apache.org/dist/httpcomponents/httpcore/RELEASE_NOTES-5.0.x.txt
I will look at the Apache HttpComponents change around TLS 1.3 support
closer tomorrow.