Hi, When I try to connect nifi api end point with curl as "curl -k -XGET https://10.233.0.153:8081/nifi-api/access/config -v " it fails as follows despite I use "-k" option to ignore validation. * Proxy replied OK to CONNECT request * Initializing NSS with certpath: sql:/etc/pki/nssdb * skipping SSL peer certificate verification * NSS error -12173 (SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY) * SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. * Closing connection 0 curl: (35) SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.
curl -V curl 7.37.0 (x86_64-redhat-linux-gnu) libcurl/7.37.0 NSS/3.18 Basic ECC zlib/1.2.8 libidn/1.32 libssh2/1.5.0 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz Metalink How do I configure nifi to use certain cifers and protocols? Looks like this ticket is resolved, https://issues.apache.org/jira/browse/NIFI-419 how do I use the settings? https://issues.apache.org/jira/browse/NIFI-700 is still open. Using curl is one side of our use, other side we have JSS tomcat service that use stronger cipers and protocols. Eventually we would like tomcat to run nifi REST apis. Thanks, -Chakri ________________________________ The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ________________________________
