MINIFICPP-2133 Add TLS 1.3 support #1600

Closed
wants to merge 3 commits into from

lordgamez
Contributor

@lordgamez lordgamez commented Jul 4, 2023

By the time the client sends its "Finished" message, it has already received the "Finished" and so the handshake has completed and it can immediately start sending application data.

This of course means that the client won't know whether the server has accepted the certificate or not until it next reads data from the server.
  • Only enable legacy SSL versions if legacy version is requested

Depends on #1599

https://issues.apache.org/jira/browse/MINIFICPP-2133


Thank you for submitting a contribution to Apache NiFi - MiNiFi C++.

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

For all changes:

  • Is there a JIRA ticket associated with this PR? Is it referenced
    in the commit message?

  • Does your PR title start with MINIFICPP-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.

  • Has your PR been rebased against the latest commit within the target branch (typically main)?

  • Is your initial contribution a single, squashed commit?

For code changes:

  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
  • If applicable, have you updated the LICENSE file?
  • If applicable, have you updated the NOTICE file?

For documentation related changes:

  • Have you ensured that format looks appropriate for the output in which it is rendered?

Note:

Please ensure that once the PR is submitted, you check GitHub Actions CI results for build issues and submit an update to your PR as soon as possible.

@szaszm
Member

szaszm commented Jul 6, 2023

Can we collect the affected parts, and which SSL/TLS versions are accepted in each case? I think we should aim to only accept TLS 1.2 and 1.3 in all cases, unless the user explicitly allows deprecated/insecure versions.

@lordgamez
Contributor Author

> Can we collect the affected parts, and which SSL/TLS versions are accepted in each case? I think we should aim to only accept TLS 1.2 and 1.3 in all cases, unless the user explicitly allows deprecated/insecure versions.

This is the case currently. We only support TLS 1.2 and 1.3; only HTTPClient has the option to set a specific or a minimum/maximum version that would allow the use of a legacy TLS version.

@lordgamez lordgamez marked this pull request as draft August 1, 2023 14:52
@lordgamez lordgamez force-pushed the MINIFICPP-2133 branch 3 times, most recently from b7920cf to 3225df9 Compare August 9, 2023 14:14
@lordgamez lordgamez marked this pull request as ready for review August 9, 2023 14:43
@fgerlits fgerlits closed this in 76ee665 Aug 22, 2023
5 participants