Skip to content

NIFI-11673 Remove Legacy TLS Configuration Versions#7367

Closed
exceptionfactory wants to merge 1 commit intoapache:mainfrom
exceptionfactory:NIFI-11673
Closed

NIFI-11673 Remove Legacy TLS Configuration Versions#7367
exceptionfactory wants to merge 1 commit intoapache:mainfrom
exceptionfactory:NIFI-11673

Conversation

@exceptionfactory
Copy link
Contributor

@exceptionfactory exceptionfactory commented Jun 9, 2023

Summary

NIFI-11673 Removes legacy TLS protocol versions from the TlsConfiguration interface along with methods based on evaluation of Java version information.

Previous logic defaulted to TLSv1.2 for Java 8 and TLSv1.3 for Java 11 when calling several helper methods on TlsConfiguration. The TlsPlatform utility class provides feature-based detection and has been used in a number of framework and extension components. With the removal of Java 8 support from the main branch, the Java version number checking is no longer necessary.

Additional changes include applying the SSL Protocol property to the HTTP Notification Service for NiFi Bootstrap and removing test methods no longer necessary with the standardization of available TLS protocol versions.

For cluster socket communication, the TlsPlatform methods replace the Java version-based methods from TlsConfiguration while providing equivalent functionality.

Tracking

Please complete the following tracking steps prior to pull request creation.

Issue Tracking

Pull Request Tracking

  • Pull Request title starts with Apache NiFi Jira issue number, such as NIFI-00000
  • Pull Request commit message starts with Apache NiFi Jira issue number, as such NIFI-00000

Pull Request Formatting

  • Pull Request based on current revision of the main branch
  • Pull Request refers to a feature branch with one commit containing changes

Verification

Please indicate the verification steps performed prior to pull request creation.

Build

  • Build completed using mvn clean install -P contrib-check
    • JDK 11
    • JDK 17

Licensing

  • New dependencies are compatible with the Apache License 2.0 according to the License Policy
  • New dependencies are documented in applicable LICENSE and NOTICE files

Documentation

  • Documentation formatting appears as expected in rendered files

@exceptionfactory exceptionfactory force-pushed the NIFI-11673 branch 2 times, most recently from 1d1dfd9 to 5218e45 Compare June 10, 2023 00:22
@nandorsoma nandorsoma self-requested a review June 21, 2023 11:39
@mr1716
Copy link
Contributor

mr1716 commented Jun 21, 2023

This would be great to implement!!

nandorsoma
nandorsoma approved these changes Jun 23, 2023
View reviewed changes
Copy link
Contributor

@nandorsoma nandorsoma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the change @exceptionfactory! Tested on a secured cluster, LGTM. Merging to main.

nandorsoma
nandorsoma reviewed Jun 23, 2023
View reviewed changes
Copy link
Contributor

@nandorsoma nandorsoma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noticed test failures in the nifi-toolkit-tls module in my last build after rebase. It could be a local env issue, but for further investigation, I'm revoking my approval for safety's sake.

@nandorsoma
Copy link
Contributor

nandorsoma commented Jun 26, 2023

It was an env issue. Merging to main.

@asfgit asfgit closed this in 1f1c5df Jun 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nandorsoma nandorsoma nandorsoma approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@exceptionfactory @mr1716 @nandorsoma