nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MINIFICPP-607) Remove host and peer verification bypass configuration option
Date Sat, 15 Sep 2018 15:29:00 GMT

    [ https://issues.apache.org/jira/browse/MINIFICPP-607?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16616361#comment-16616361
] 

ASF GitHub Bot commented on MINIFICPP-607:
------------------------------------------

Github user apiri commented on the issue:

    https://github.com/apache/nifi-minifi-cpp/pull/398
  
    reviewing


> Remove host and peer verification bypass configuration option
> -------------------------------------------------------------
>
>                 Key: MINIFICPP-607
>                 URL: https://issues.apache.org/jira/browse/MINIFICPP-607
>             Project: NiFi MiNiFi C++
>          Issue Type: Improvement
>    Affects Versions: 0.5.0
>            Reporter: Andy LoPresto
>            Assignee: Mr TheSegfault
>            Priority: Critical
>              Labels: certificate, configuration, cryptography, security, tls, verification
>
> There is a [section of the MiNiFi C++ documentation|https://github.com/apache/nifi-minifi-cpp/#sitetosite-security-configuration]
which instructs the user on how to bypass host and peer verification when making secure connections.
These configuration options should be removed, and users should configure the certificates
correctly. 
> {quote}
> If during testing you have a need to disable host or peer verification, you may use the
following options:
> # in minifi.properties
> nifi.security.client.disable.host.verification=true
> nifi.security.client.disable.peer.verification=true
> {quote}
> Spoke to Marc Parisi off list and he asked me to assign to him. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message