[ https://issues.apache.org/jira/browse/NIFI-8549?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17482036#comment-17482036 ]
ASF subversion and git services commented on NIFI-8549: ------------------------------------------------------- Commit a2cfbe4ac70d9d73bd3ab5bbfd702eaebb524c71 in nifi's branch refs/heads/main from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=a2cfbe4 ] NIFI-8549 Upgraded MiNiFi sensitive properties algorithm - Replaced PBEWITHMD5AND256BITAES-CBC-OPENSSL with NIFI_PBKDF2_AES_GCM_256 NIFI-8549 Removed unused provider property from MiNiFi Admin Guide Signed-off-by: Matthew Burgess <mattyb...@apache.org> This closes #5687 > Upgrade MiNiFi default sensitive properties algorithm > ----------------------------------------------------- > > Key: NIFI-8549 > URL: https://issues.apache.org/jira/browse/NIFI-8549 > Project: Apache NiFi > Issue Type: Bug > Components: MiNiFi > Reporter: Andy LoPresto > Assignee: David Handermann > Priority: Major > Fix For: 1.16.0 > > Time Spent: 40m > Remaining Estimate: 0h > > {quote} > * Could we please change the default algorithm for protecting sensitive > property values to something stronger than the current selection? I would > open a Jira if necessary, but this is one of those things that is really > better to do before the first release so users have a backward-compatible > config.yml file moving forward. If we change it in a subsequent release, we > will need to do significant migration hand-holding. My suggestion would be > "PBEWITHSHA256AND256BITAES-CBC-BC” which is significantly stronger, but after > trying a few BC options, I continue to get EncryptionExceptions even though I > have the JCE unlimited cryptographic strength jurisdiction policy files > installed, so this may be a 0.0.2 fix. Is BouncyCastle not enabled by default? > {quote} -- This message was sent by Atlassian Jira (v8.20.1#820001)