Hi folks,

I have a flow that downloads files from an FTP server over SSL using TLS 1.2. To achieve this I use the curl command line in an ExecuteProcess processor. This routine had been working OK until recently, when we tried it on an upgraded NiFi server.
After tracking down the error, we noticed that it was due to the updated OpenSSL version's recommendation of not allowing the use of old ciphers. The FTP server in question is using TLS 1.2 with a weak certificate, but since it is not managed by me, updating the server is not an option.

After some troubleshooting I managed to adjust my curl command, and it works when I execute it manually in a bash session on my NiFi server (to be precise, I ran it inside the Docker container that is running NiFi), but when I execute the same command line with the ExecuteProcess processor I get the following error: "failed setting cipher list"

The curl command and argument line I'm executing is:

*curl -v -slk --tlsv1.2 --ciphers 'DEFAULT:!DH' --user ${FTP_USER}:${FTP_PASS} --ftp-ssl ftp://${FTP_HOST}:${FTP_PORT}/${FTP_DIR}/*

The actual verbose error from inside the ExecuteProcess processor is:

** Trying 200.230.161.229...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55f98e691f50)
* Connected to <server-name-redacted> (<ip-address-redacted>) port <port-redacted> (#0)
< 220 ProFTPD 1.3.4d Server (...) [<ip-address-redacted>]
> AUTH SSL
< 234 AUTH SSL successful
* failed setting cipher list: 'DEFAULT:!DH'
* Closing connection 0*

So it seems that some configuration either on NiFi or on the ExecuteProcess processor is not allowing me to force my curl command to use insecure ciphers with OpenSSL. How can I circumvent this?

Best regards,
Eric
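
Added example, not part of the original post: the verbose output above echoes the cipher string with its single quotes still attached, which is what curl would receive if the argument line were split on spaces with no shell to strip the quotes. The sketch below compares the two argv forms for the posted argument line; the space-splitting is an assumption about how the processor builds arguments, and the helper names, host and credentials are hypothetical.

```python
import shlex

# Constructed sample: the argument line from the post, with placeholder
# values substituted for the ${FTP_*} variables.
ARG_LINE = ("-v -slk --tlsv1.2 --ciphers 'DEFAULT:!DH' "
            "--user user:pass --ftp-ssl ftp://ftp.example.invalid:21/dir/")

def shell_argv(arg_line):
    """argv as a POSIX shell builds it: quotes group words and are removed."""
    return shlex.split(arg_line, posix=True)

def naive_argv(arg_line, delimiter=" "):
    """argv if the line is only split on a delimiter (assumption: no shell)."""
    return [a for a in arg_line.split(delimiter) if a]

def option_value(argv, option):
    """Return the argument that follows `option`, or None if it is absent."""
    for i, arg in enumerate(argv[:-1]):
        if arg == option:
            return argv[i + 1]
    return None

def diff_argv(arg_line):
    """Describe how the two launch styles hand different arguments to curl."""
    sh, raw = shell_argv(arg_line), naive_argv(arg_line)
    findings = []
    if len(sh) != len(raw):
        findings.append(f"argument count differs: shell={len(sh)} direct={len(raw)}")
    for arg in raw:
        if any(q in arg for q in "'\""):
            findings.append(f"literal quote reaches the program: {arg!r}")
    return findings

def matches_curl_error(arg_line, error_line):
    """True if the value curl echoed equals the un-stripped --ciphers value."""
    echoed = error_line.split("failed setting cipher list: ", 1)[1].strip()
    return echoed == option_value(naive_argv(arg_line), "--ciphers")

if __name__ == "__main__":
    print("shell :", option_value(shell_argv(ARG_LINE), "--ciphers"))
    print("direct:", option_value(naive_argv(ARG_LINE), "--ciphers"))
    for finding in diff_argv(ARG_LINE):
        print(finding)
```

If the quotes are the cause, giving the value without quotes in the non-shell context, or launching the command through a shell, would hand curl the same argv as the bash session.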