nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mr TheSegfault (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MINIFICPP-607) Remove host and peer verification bypass configuration option
Date Fri, 14 Sep 2018 18:38:00 GMT

     [ https://issues.apache.org/jira/browse/MINIFICPP-607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Mr TheSegfault updated MINIFICPP-607:
-------------------------------------
    Status: Patch Available  (was: Open)

> Remove host and peer verification bypass configuration option
> -------------------------------------------------------------
>
>                 Key: MINIFICPP-607
>                 URL: https://issues.apache.org/jira/browse/MINIFICPP-607
>             Project: NiFi MiNiFi C++
>          Issue Type: Improvement
>    Affects Versions: 0.5.0
>            Reporter: Andy LoPresto
>            Assignee: Mr TheSegfault
>            Priority: Critical
>              Labels: certificate, configuration, cryptography, security, tls, verification
>
> There is a [section of the MiNiFi C++ documentation|https://github.com/apache/nifi-minifi-cpp/#sitetosite-security-configuration]
which instructs the user on how to bypass host and peer verification when making secure connections.
These configuration options should be removed, and users should configure the certificates
correctly. 
> {quote}
> If during testing you have a need to disable host or peer verification, you may use the
following options:
> # in minifi.properties
> nifi.security.client.disable.host.verification=true
> nifi.security.client.disable.peer.verification=true
> {quote}
> Spoke to Marc Parisi off list and he asked me to assign to him. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message