NIFI-7468 Updated SSLSocketChannel to support TLS 1.3

- Handling additional FINISHED Handshake Status for TLS 1.3 Post-Handshake Messages per RFC 8446 Section 4.6 - Removed clearing buffers after handshake to avoid losing packets - Updated read() method to check Handshake Status after SSLEngine.unwrap() - Changed SSLSocketChannelSender to close SSLSocketChannel before other resources - Added ChannelStatus enum and convenience logging methods for tracing status - Added unit tests for TLS 1.2 and 1.3 using Netty server and client handlers NIFI-8704 Updated netty-handler to 4.1.65.Final NIFI-7468 Corrected SSLSocketChannel.read() to return byte read NIFI-7468 Adjusted comment formatting Signed-off-by: Nathan Gough <thenatog@gmail.com> This closes apache#5152.
krisztina-zsihovszki · Jun 27, 2022 · 4482a83 · 4482a83
1 parent 1214a5d
commit 4482a83
Show file tree

Hide file tree

Showing 4 changed files with 862 additions and 412 deletions.
diff --git a/nifi-commons/nifi-security-socket-ssl/pom.xml b/nifi-commons/nifi-security-socket-ssl/pom.xml
@@ -31,5 +31,17 @@
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.nifi</groupId>
+            <artifactId>nifi-security-utils</artifactId>
+            <version>1.14.0-SNAPSHOT</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-handler</artifactId>
+            <version>4.1.65.Final</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>