Re: Refreshing HTML displayed for View usage

2023-08-20 Thread Matthew Hawkins
Hi Russell,

Something I've noticed myself, and it's easily reproducible on the Usage
pages for processors, is that NiFi is doing a reverse DNS lookup when
loading the page. If your DNS is broken, it can take 10-30 seconds for the
page content to appear.

Kr,

On Fri, 18 Aug 2023, 07:29 Russell Bateman wrote:

> Matt,
>
> I experimented with the Open in New Window button, but the new window,
> which probably isn't an iframe, nevertheless doesn't respond to attempts
> to get around the cache.
>
> You're probably right about the version not changing being at the root
> of the browser's inability to respond to a change. Sadly, the
> edit-display-debug-edit cycle doesn't excite me into changing versions
> just so I can see the result.
>
> I'm certainly not going to clamor for work to be done to get around
> this. It's annoying, but not crippling.
>
> Thanks,
>
> Russ
>
>
> On 8/17/23 13:54, Matt Gilman wrote:
> > Russell,
> >
> > Thanks for the response. The suggestion to open a new tab was for the
> > generated documentation, not the NiFi canvas itself. The generated
> > documentation is shown in an iframe which will offer you the menu item in
> > the context menu for opening in a new tab. IIRC correctly, the path to the
> > generated documentation contains the version of the component. For folks
> > simply using a released version of NiFi this works great since versions
> > will differ and any browser caching will only optimize page loading for the
> > user. If you're a developer, however, you're likely making changes to your
> > component and the version is not changing (x.y.z-SNAPSHOT). This is where
> > the browser cache could result in the behavior you're seeing.
> >
> > Matt
> >
> > On Thu, Aug 17, 2023 at 3:21 PM Russell Bateman
> > wrote:
> >
> >> Thanks, Matt,
> >>
> >> (Since I use Chrome 99% of the time, I'm using Chrome here.)
> >>
> >> Clicking on the reload control next to the address bar, while holding
> >> down Shift, reloads the canvas, but the NiFi Documentation page
> >> disappears and I have to reload it using the View usage context menu of
> >> my processor. Once reloaded, nothing has changed.
> >>
> >> This is also the behavior of the Configure Processor dialog. As I reload
> >> View usage, ...
> >>
> >> In Chrome, there's no effective content-menu option to right-click in
> >> the page contents and open in a new tab. I can...
> >>
> >>  Back
> >>  Forward
> >>  Reload
> >>  ---
> >>  Save As...
> >>  Print
> >>  Cast
> >>  Search images with Google
> >>  -
> >>  Send to your devices
> >>  Create QR code for this page
> >>  
> >>  Translate
> >>  -
> >>  View page source
> >>  View frame source
> >>  Reload frame
> >>  Inspect
> >>
> >>
> >> If I right-click the current tab itself, I'm able to choose to
> >> Duplicate, but that doesn't seem to lead to anything more helpful.
> >>
> >> By the way, I'm doing this using NiFi 1.23.0. I have also verified the
> >> date of my NAR to ensure that I'm not repeatedly working using a NAR
> >> with old content. Also, the version displayed for the custom processor
> >> is that of the various /pom.xml/ files I'm building with.
> >>
> >> I usually develop on the latest NiFi version. However, my company has
> >> NARs that won't load beginning 1.14.0. I just brought up 1.13.2, what
> >> most of our customers run, and tried my latest NAR which *does* display
> >> my changes. Same with 1.1.2, which represents the oldest platform
> >> executing at any custom site. Exceptionally, I set up 1.19.1 where it
> >> *also works*.
> >>
> >> This is unexpected; maybe it does point, as unlikely as it seems, to
> >> something changed in 1.23.0 (instead of being caused by anything between
> >> the dossier of my chair and the space bar of my keyboard as I have been
> >> expecting to learn. ;-)  )
> >>
> >> It could still be me and I'm just not seeing the obvious yet.
> >>
> >>
> >> On 8/17/23 12:44, Matt Gilman wrote:
> >>> Russell,
> >>>
> >>> Assuming this is a browser cache issue, can you try right-clicking anywhere
> >>> in the page contents of the generated documentation and open it in a new
> >>> tab. Once that is open, can you try doing a hard refresh by holding Shift
> >>> while clicking Reload next to the address bar? This should clear the cache
> >>> and fetch the updated generated documentation. At this point, you should be
> >>> able to close that tab and retry from the NiFi UI.
> >>>
> >>> Let us know if this doesn't help and we can see if something isn't getting
> >>> generated and updated correctly.
> >>>
> >>> Matt
> >>>
> >>> On Thu, Aug 17, 2023 at 2:38 PM Russell Bateman
> >>> wrote:
> >>>
>  Seems like a really stupid user/browser question, but I cannot seem to
>  get changes I've made to properties, relationships, attributes read or
>  written, etc. *for custom 

Re: NiFi 1.19.1 TLS Cipher syntax

2023-08-20 Thread Matthew Hawkins
Just be aware that simple regex would also include undesirable outcomes
like null hashes and weak bit strengths, effecting a downgrade attack. You
should also explicitly exclude them using something like

 nifi.web.https.ciphersuites.exclude=.*128.*,.*NULL.*

Or whatever suits your needs. It should be and possibly is a default
setting but always best to enforce and note in documentation to stay on top
of.

I acknowledge it's a pest to set these manually, but that's what tooling
like Ansible is for, you can do it once and apply to all your NiFi servers
easily. Also, even if you did it manually in Windows Notepad even, the hour
spent would cost something like $35-100 whereas the cyber incident could
cost hundreds of millions. Never shy putting your hand to the till with
mindless administrative tasks that are actually achieving something.

Kr,


On Fri, 18 Aug 2023, 00:23 Phillip Lord wrote:

> I think you just need to adjust your regex here...
>
> Have you tried something like this...   ^TLS_ECDHE.*
>
> Thanks,
> Phil
>
> On Thu, Aug 17, 2023 at 8:26 AM Martin Fong 
> wrote:
>
> > I would like to find out the syntax to set only ECDHE*.
> >
> > The following works:
> > nifi.web.https.ciphersuites.include=^.*GCM_SHA256$
> >
> > The following does not work:
> > nifi.web.https.ciphersuites.include=^.*TLS_ECDHE$
> >
> > This will work but I want the whole ECDHE* and nothing else but it will be
> > a very long line to set them up.
> > nifi.web.https.ciphersuites.include=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> >
> > 2023-08-16 13:54:52,811 INFO [main] o.e.jetty.util.ssl.SslContextFactory
> > No Cipher Suite matching '^.*TLS_ECDHE$' is supported
> > 2023-08-16 13:54:52,812 WARN [main] o.e.jetty.util.ssl.SslContextFactory
> > No supported Cipher Suite from [TLS_AES_256_GCM_SHA384,
> > TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
> > TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> > TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
> > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
> > TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
> > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
> > TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
> > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
> > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
> > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384,
> > TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,
> > TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
> > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
> > TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA,
> > TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA]
> >
> > Please advise if there is a correct syntax just only for ECDHE*.
> >
> > Thanks,
> > Martin Fong
> > Enterprise Technical Support Specialist, Infrastructure & Platform (IAG)
> > Technology Services Division, Technology Infrastructure Services
> > City of Toronto
> > 703 Don Mills Road, 2nd Floor
> > Toronto, ON
> > M3C 3N3
> > Tel:   416-397-7565
> > e-mail: martin.f...@toronto.ca
> >
> >
> >
>
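
The include and exclude patterns discussed in this thread, evaluated against a constructed subset of the suites from the Jetty log (an added example, not part of the original messages and not NiFi or Jetty code). It assumes each pattern must match the whole suite name and that excludes take precedence over includes; `select_suites` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample: a subset of the supported suites listed in the Jetty log above.
SUPPORTED = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_NULL_SHA",
]

def split_patterns(value):
    """Split a comma-separated property value into individual regex strings."""
    return [p.strip() for p in value.split(",") if p.strip()]

def select_suites(include, exclude="", supported=SUPPORTED):
    """Assumed model: keep a suite when an include pattern matches its
    whole name and no exclude pattern does (exclude wins)."""
    inc = [re.compile(p) for p in split_patterns(include)]
    exc = [re.compile(p) for p in split_patterns(exclude)]
    selected = []
    for suite in supported:
        if inc and not any(p.fullmatch(suite) for p in inc):
            continue
        if any(p.fullmatch(suite) for p in exc):
            continue
        selected.append(suite)
    return selected

def audit(selected):
    """Flag suites worth a second look: NULL encryption, CBC mode, 128-bit keys."""
    markers = ("_NULL_", "_CBC_", "_128_")
    return {s: [m.strip("_") for m in markers if m in s]
            for s in selected if any(m in s for m in markers)}

if __name__ == "__main__":
    cases = [("^.*TLS_ECDHE$", ""),             # pattern that failed in the thread
             ("^TLS_ECDHE.*", ""),              # suggested include on its own
             ("^TLS_ECDHE.*", ".*128.*,.*NULL.*")]  # include plus the suggested exclude
    for include, exclude in cases:
        chosen = select_suites(include, exclude)
        print(f"include={include!r} exclude={exclude!r}")
        print("  enabled:", chosen)
        print("  flagged:", audit(chosen))
```

Running the effective list through a check like `audit` after every change to the include or exclude properties shows what a broad pattern still lets through before the server is restarted.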