NiFi SSL Connection

I am using the ListenTCP processor to listen for data on a particular port of a server.

I want this port to be secure, so I am trying to implement the 'SSL Context Service' property. I have given proper values for the keystore and truststore.

While sending data to the above port, I am getting the error 'Inbound closed before receiving peer's close_notify: possible truncation attack?'

Can you please let me know how I can receive data on a secure port?

1 REPLY

@Shrikant Jadhav

You are having a two-way TLS/SSL issue here.

The most likely reason is that your client is not sending a client cert to the server that can be trusted, so the server is abruptly closing the connection. Verify that the keystore being used in your SSL Context Service contains a single PrivateKeyEntry that is authorized to be used for clientAuth (if you want to use this same keystore to receive data later on this NiFi, it must also support serverAuth). This PrivateKeyEntry can be self-signed or signed by some CA. You will need to make sure the server on the other end of this connection can trust the client cert. This means they must have your server's self-signed public key in their truststore or the public key for the CA that signed your certificate (if it was signed) in their truststore.

I would get verbose outputs from the keystores and truststores being used on both ends of the connection to verify.

Thanks,

Matt
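Added example, not part of the original reply or of NiFi: a small Python check over the verbose listings (the text printed by `keytool -list -v -keystore <file>`) that tests the points raised above: exactly one PrivateKeyEntry, an extended key usage that covers clientAuth, and an issuer the peer's truststore knows. The sample listings, aliases and DNs are constructed, and the parser assumes English-locale keytool output and reads only the first certificate of each entry.

```python
import re

# Constructed, trimmed samples of `keytool -list -v` output; not from the thread.
SAMPLE_KEYSTORE = """\
Alias name: nifi-key
Entry type: PrivateKeyEntry
Owner: CN=nifi01.example.com, OU=NIFI
Issuer: CN=Example Internal CA, OU=NIFI
ExtendedKeyUsages [
  serverAuth
]
"""
SAMPLE_PEER_TRUSTSTORE = """\
Alias name: some-other-ca
Entry type: trustedCertEntry
Owner: CN=Other CA, OU=NIFI
Issuer: CN=Other CA, OU=NIFI
"""

def parse_entries(listing):
    """Split a `keytool -list -v` listing into one dict per alias."""
    entries = []
    for block in re.split(r"(?m)^Alias name: ", listing)[1:]:
        def field(name):
            m = re.search(rf"(?m)^{name}: (.+)$", block)
            return m.group(1).strip() if m else None
        eku = re.search(r"ExtendedKeyUsages \[\s*(.*?)\s*\]", block, re.S)
        entries.append({"alias": block.splitlines()[0].strip(),
                        "type": field("Entry type"),
                        "owner": field("Owner"), "issuer": field("Issuer"),
                        "eku": eku.group(1).split() if eku else []})
    return entries

def check(keystore_listing, peer_truststore_listing, need=("clientAuth",)):
    """Return a list of findings; an empty list means the checks passed."""
    keys = [e for e in parse_entries(keystore_listing) if e["type"] == "PrivateKeyEntry"]
    if len(keys) != 1:
        return [f"expected exactly 1 PrivateKeyEntry, found {len(keys)}"]
    key = keys[0]
    # An absent EKU extension means usage is unrestricted, so only flag a present one.
    findings = [f"EKU lacks {u}" for u in need if key["eku"] and u not in key["eku"]]
    trusted = {e["owner"] for e in parse_entries(peer_truststore_listing)}
    # Name match only: a quick triage, not cryptographic chain validation.
    if key["issuer"] not in trusted:
        findings.append(f"peer truststore has no entry for issuer {key['issuer']}")
    return findings

if __name__ == "__main__":
    print(check(SAMPLE_KEYSTORE, SAMPLE_PEER_TRUSTSTORE))
```

Pass `need=("clientAuth", "serverAuth")` when the same keystore is also used to receive data, and run the check in both directions, each side's keystore against the other side's truststore.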
