StandardRestrictedSSLContextService

Description:

Restricted implementation of the SSLContextService. Provides the ability to configure keystore and/or truststore properties once and reuse that configuration throughout the application, but only allows a restricted set of TLS/SSL protocols to be chosen (no SSL protocols are supported). The set of protocols selectable will evolve over time as new protocols emerge and older protocols are deprecated. This service is recommended over StandardSSLContextService if a component doesn't expect to communicate with legacy systems since it is unlikely that legacy systems will support these protocols.

Tags:

tls, ssl, secure, certificate, keystore, truststore, jks, p12, pkcs12, pkcs

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.

| Display Name | API Name | Default Value | Allowable Values | Description |
| --- | --- | --- | --- | --- |
| Keystore Filename | Keystore Filename | | | The fully-qualified filename of the Keystore. This property requires exactly one file to be provided. Supports Expression Language: true (will be evaluated using variable registry only) |
| Keystore Password | Keystore Password | | | The password for the Keystore. Sensitive Property: true |
| Key Password | key-password | | | The password for the key. If this is not specified, but the Keystore Filename, Password, and Type are specified, then the Keystore Password will be assumed to be the same as the Key Password. Sensitive Property: true |
| Keystore Type | Keystore Type | | BCFKS, PKCS12, JKS | The Type of the Keystore |
| Truststore Filename | Truststore Filename | | | The fully-qualified filename of the Truststore. This property requires exactly one file to be provided. Supports Expression Language: true (will be evaluated using variable registry only) |
| Truststore Password | Truststore Password | | | The password for the Truststore. Sensitive Property: true |
| Truststore Type | Truststore Type | | BCFKS, PKCS12, JKS | The Type of the Truststore |
| TLS Protocol | SSL Protocol | TLS | TLS (Negotiate latest protocol version based on platform supported versions); TLSv1.3 (Require TLSv1.3 protocol version); TLSv1.2 (Require TLSv1.2 protocol version) | TLS Protocol Version for encrypted connections. Supported versions depend on the specific version of Java used. |
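
How these properties map onto the standard Java JSSE API, as an added illustration that is not NiFi's own code. The class name, the command-line argument order and the environment variable names `KEYSTORE_PASSWORD` and `TRUSTSTORE_PASSWORD` are assumptions made for the example; the keystore and truststore files are supplied by the reader.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Set;
import javax.net.ssl.*;

public class RestrictedTlsExample {
    // Allowable "TLS Protocol" values taken from the property table on this page.
    static final Set<String> ALLOWED = Set.of("TLS", "TLSv1.3", "TLSv1.2");

    static KeyStore load(String file, String type, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type); // BCFKS needs the Bouncy Castle provider
        try (InputStream in = new FileInputStream(file)) {
            store.load(in, password);
        }
        return store;
    }

    static SSLContext build(String ksFile, String ksType, char[] ksPass, char[] keyPass,
                            String tsFile, String tsType, char[] tsPass, String protocol) throws Exception {
        if (!ALLOWED.contains(protocol)) {
            throw new IllegalArgumentException("Protocol not allowed: " + protocol);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Key Password falls back to the Keystore Password when it is not specified.
        kmf.init(load(ksFile, ksType, ksPass), keyPass != null ? keyPass : ksPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(tsFile, tsType, tsPass));
        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // With the default JSSE provider the context name alone does not exclude lower versions, so pin it.
    static SSLParameters parameters(SSLContext ctx, String protocol) {
        SSLParameters params = ctx.getDefaultSSLParameters();
        if (!"TLS".equals(protocol)) params.setProtocols(new String[] {protocol});
        return params;
    }

    public static void main(String[] args) throws Exception {
        // Usage: <keystore> <type> <truststore> <type> <protocol>; passwords are read from the environment.
        char[] ksPass = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        char[] tsPass = System.getenv("TRUSTSTORE_PASSWORD").toCharArray();
        SSLContext ctx = build(args[0], args[1], ksPass, null, args[2], args[3], tsPass, args[4]);
        System.out.println(String.join(",", parameters(ctx, args[4]).getProtocols()));
    }
}
```

The printed list is the set of protocol versions a socket or engine configured with these parameters will offer, which is a quick way to confirm that a pinned version is the only one enabled on a given Java runtime.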

State management:

This component does not store state.

Restricted:

This component is not restricted.

System Resource Considerations:

None specified.