StandardSSLContextService

Description:

Standard implementation of the SSLContextService. Provides the ability to configure keystore and/or truststore properties once and reuse that configuration throughout the application. This service can be used to communicate with both legacy and modern systems. If you only need to communicate with non-legacy systems, then the StandardRestrictedSSLContextService is recommended as it only allows a specific set of SSL protocols to be chosen.

Tags:

ssl, secure, certificate, keystore, truststore, jks, p12, pkcs12, pkcs, tls

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, whether a property supports the NiFi Expression Language, and whether a property is considered "sensitive", meaning that its value will be encrypted. Before entering a value in a sensitive property, ensure that the nifi.properties file has an entry for the property nifi.sensitive.props.key.

Name: Keystore Filename
Description: The fully-qualified filename of the Keystore. This property requires exactly one file to be provided.
Supports Expression Language: true (will be evaluated using variable registry only)

Name: Keystore Password
Description: The password for the Keystore
Sensitive Property: true

Name: Key Password
Description: The password for the key. If this is not specified, but the Keystore Filename, Password, and Type are specified, then the Keystore Password will be assumed to be the same as the Key Password.
Sensitive Property: true

Name: Keystore Type
Allowable Values:
  • BCFKS
  • PKCS12
  • JKS
Description: The Type of the Keystore

Name: Truststore Filename
Description: The fully-qualified filename of the Truststore. This property requires exactly one file to be provided.
Supports Expression Language: true (will be evaluated using variable registry only)

Name: Truststore Password
Description: The password for the Truststore
Sensitive Property: true

Name: Truststore Type
Allowable Values:
  • BCFKS
  • PKCS12
  • JKS
Description: The Type of the Truststore

Name: TLS Protocol
Default Value: TLS
Allowable Values:
  • SSL: Negotiate latest SSL or TLS protocol version based on platform supported versions
  • TLS: Negotiate latest TLS protocol version based on platform supported versions
  • TLSv1.3: Require TLSv1.3 protocol version
  • TLSv1.2: Require TLSv1.2 protocol version
  • TLSv1.1: Require TLSv1.1 protocol version
  • TLSv1: Require TLSv1 protocol version
Description: SSL or TLS Protocol Version for encrypted connections. Supported versions include insecure legacy options and depend on the specific version of Java used.
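
The check below is an added example, not part of the NiFi documentation or code base: for each TLS Protocol allowable value it lists the protocol versions the running JVM enables and flags the legacy ones, which is the Java-version dependence the description mentions. It assumes the property value is handed to JSSE as an SSLContext algorithm name; the class name TlsProtocolAudit and the LEGACY set are choices made for this example.

```java
import javax.net.ssl.SSLContext;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;

// Added example (not NiFi code): audit what each "TLS Protocol" value yields on this JVM.
// Assumption: the property value is used as a JSSE SSLContext algorithm name.
public class TlsProtocolAudit {
    // Allowable values copied from the TLS Protocol property.
    static final List<String> ALLOWABLE =
            List.of("SSL", "TLS", "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1");

    // Versions treated as legacy in this example: SSLv3 (deprecated by RFC 7568),
    // TLS 1.0 and 1.1 (deprecated by RFC 8996), and the SSLv2Hello compatibility hello.
    static final Set<String> LEGACY = Set.of("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    // Returns the entries of 'protocols' that are in the LEGACY set.
    static List<String> legacyIn(String[] protocols) {
        List<String> hits = new ArrayList<>();
        for (String p : protocols) {
            if (LEGACY.contains(p)) {
                hits.add(p);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        for (String value : ALLOWABLE) {
            SSLContext ctx;
            try {
                ctx = SSLContext.getInstance(value);
            } catch (NoSuchAlgorithmException e) {
                // Some JVMs or security providers do not offer every name.
                System.out.printf("%-8s not available on this JVM%n", value);
                continue;
            }
            ctx.init(null, null, null); // JVM default key and trust managers
            // "Enabled" is what a connection offers by default; "supported" is what
            // could still be switched on explicitly for this context.
            String[] enabled = ctx.getDefaultSSLParameters().getProtocols();
            String[] supported = ctx.getSupportedSSLParameters().getProtocols();
            System.out.printf("%-8s enabled=%s legacyEnabled=%s legacySupported=%s%n",
                    value, Arrays.toString(enabled), legacyIn(enabled), legacyIn(supported));
        }
    }
}
```

Run it with the same Java runtime and java.security settings that NiFi uses, since the jdk.tls.disabledAlgorithms security property changes which versions appear as enabled.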

State management:

This component does not store state.

Restricted:

This component is not restricted.

System Resource Considerations:

None specified.