question Re: Unable to upgrade TLSv1.2 in Nifi 1.5 in Support Questions

Unable to upgrade TLSv1.2 in Nifi 1.5

vk21 — Fri, 21 Jan 2022 16:36:22 GMT

We're trying to upgrade from TLSv1.0 to TLSv1.2 for the below configuration but getting error as attached.
These are the installed versions
HDF: 3.1.0
Nifi: 1.5.0.3.1.0.0-564
Ambari: 2.6.2.2
HDP: 2.6.5.1100.

we have tried following the steps from this page and it didn't worked as well.

https://community.cloudera.com/t5/Support-Questions/Nifi-SSL-TLS-qestion/td-p/285528

Kindly help me to resolve this issue.

Re: Unable to upgrade TLSv1.2 in Nifi 1.5

vk21 — Mon, 24 Jan 2022 17:08:42 GMT

At first java security files was not disabling the TLSv1 & TLSv1.1 protocols. Due to this NiFi PutEmail processor was giving error mentioned in screen shot#1 below:

After we disabled TLSv1 and TLSv1.1 in security file by putting below line in java security file we are getting error mentioned in screen shot#2.

$JAVA_HOME/jre/lib/security/java.security

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, SSLv2Hello, RC4, DES, MD5withRSA, \

DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \

include jdk.disabled.namedCurves

Is there a way to restrict PutEmail Processor to use TLSv1.2 while sending request to SMTP server?

Re: Unable to upgrade TLSv1.2 in Nifi 1.5

MattWho — Tue, 25 Jan 2022 20:53:19 GMT

@vk21

You are running in to a known bug in that version of Apache NiFi. The bug was addressed in Apache NiFi 1.14. Upgrading Apache NiFi 1.5 to 1.14 would solve the issue for you.

Here are the bugs that addressed the issue:
https://issues.apache.org/jira/browse/NIFI-8281
https://issues.apache.org/jira/browse/NIFI-8630

If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post.

Thank you,

Matt

Re: Unable to upgrade TLSv1.2 in Nifi 1.5

vk21 — Mon, 31 Jan 2022 16:41:11 GMT

Can we upgrade HDF 3.1.0 directly to 3.5 without upgrading Amabri and HDP? and if not, is there any document guiding how we can upgrade from HDF 3.1.0 to HDF 3.5.

Re: Unable to upgrade TLSv1.2 in Nifi 1.5

MattWho — Mon, 31 Jan 2022 22:05:35 GMT

@vk21

This question is not related to the original question in this post. I recommend starting a new question, so as to avoid confusion via a new conversation when this post already has an accepted solution.

Thanks,

Matt