Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.11.4, 1.13.2
Description
While refactoring the TLS protocol version issue in NIFI-7407, I discovered that some processors make use of NiFi custom implementations of SSLSocketChannel, SSLCommsSession, and SSLSocketChannelInputStream. These implementations break on TLSv1.3.
Further investigation is needed to determine why these custom implementations were provided originally, whether they are still required, and why they do not handle TLSv1.3 successfully.
Diagnostic error:
Error reading from channel due to Tag mismatch!: javax.net.ssl.SSLException: Tag mismatch!
Attachments
Issue Links
- depends upon
-
NIFI-7407 Change cluster communication protocol listener
- Resolved
- is depended upon by
-
NIFI-6563 Add support for TLSv1.3 when running on Java 11
- Resolved
- is related to
-
NIFI-5458 Improve NiFi TLS and certificate management
- Resolved
-
NIFI-8298 Refactor nifi-security-utils to reduce dependence on Bouncy Castle
- Resolved
- relates to
-
NIFI-8462 Refactor PutSyslog and ListenSyslog using Netty
- Resolved
-
NIFI-8616 Migrate SSL socket code to use Netty
- Resolved
- links to