Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Unable to upgrade TLSv1.2 in Nifi 1.5

avatar
New Contributor

We're trying to upgrade from TLSv1.0 to TLSv1.2 for the below configuration but getting error as attached.tls error.PNG
These are the installed versions
HDF: 3.1.0
Nifi: 1.5.0.3.1.0.0-564
Ambari: 2.6.2.2
HDP: 2.6.5.1100.

 

we have tried following the steps from this page and it didn't worked as well.

https://community.cloudera.com/t5/Support-Questions/Nifi-SSL-TLS-qestion/td-p/285528

Kindly help me to resolve this issue.

1 ACCEPTED SOLUTION

avatar
Super Mentor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
4 REPLIES 4

avatar
New Contributor
  1. At first java security files was not disabling the TLSv1 & TLSv1.1 protocols. Due to this NiFi PutEmail processor was giving error mentioned in screen shot#1 below: 

vk21_4-1643044042529.png

 

  1. After we disabled TLSv1 and TLSv1.1 in security file by putting below line in java security file we are getting error mentioned in screen shot#2.

 $JAVA_HOME/jre/lib/security/java.security

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, SSLv2Hello, RC4, DES, MD5withRSA, \

                DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \

                include jdk.disabled.namedCurves

 

vk21_5-1643044042730.png

 

 Is there a way to restrict PutEmail Processor to use TLSv1.2 while sending request to SMTP server?

avatar
Super Mentor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login

avatar
New Contributor

Can we upgrade HDF 3.1.0 directly to 3.5 without upgrading Amabri and HDP? and if not, is there any document guiding how we can upgrade from HDF 3.1.0 to HDF 3.5.

avatar
Super Mentor

@vk21 

 

This question is not related to the original question in this post.  I recommend starting a new question, so as to avoid confusion via a new conversation when this post already has an accepted solution.

Thanks,

Matt