Description:

Restricted implementation of the SSLContextService. Provides the ability to configure keystore and/or truststore properties once and reuse that configuration throughout the application, but only allows a restricted set of TLS/SSL protocols to be chosen (no SSL protocols are supported). The set of protocols selectable will evolve over time as new protocols emerge and older protocols are deprecated. This service is recommended over StandardSSLContextService if a component doesn’t expect to communicate with legacy systems since it is unlikely that legacy systems will support these protocols.

Tags:

tls, ssl, secure, certificate, keystore, truststore, jks, p12, pkcs12, pkcs

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property is considered “sensitive”, meaning that its value will be encrypted. Before entering a value in a sensitive property, ensure that the nifi.properties file has an entry for the property nifi.sensitive.props.key.

Name

Default Value

Allowable Values

Description

Keystore Filename The fully-qualified filename of the Keystore
Keystore Password The password for the Keystore

Sensitive Property: true



Key Password The password for the key. If this is not specified, but the Keystore Filename, Password, and Type are specified, then the Keystore Password will be assumed to be the same as the Key Password.

Sensitive Property: true



Keystore Type * JKS
* PKCS12
The Type of the Keystore
Truststore Filename The fully-qualified filename of the Truststore
Truststore Password The password for the Truststore

Sensitive


Property: true



Truststore Type * JKS
* PKCS12
The Type of the Truststore. Either JKS or PKCS12
TLS Protocol TLS * TLS
* TLSv1.2
The algorithm to use for this SSL context. By default, this will choose the highest supported TLS protocol version.

State management:

This component does not store state.

Restricted:

This component is not restricted.