🔏
Focusing on NiFi security...

Andy LoPresto alopresto

alopresto / test_output.txt
Created December 13, 2015 00:41
Test output from trying multiple PBE ciphers on various security providers
/Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/bin/java *.crypto.OpenSSLPBEEncryptorTest,testShouldNotEncryptAndDecryptWithPBELongPasswordWith128BitKeyAndDefaultJCEProvider
[main] INFO com.hortonworks.crypto.OpenSSLPBEEncryptorTest - Running in limited encryption mode
[main] INFO com.hortonworks.crypto.OpenSSLPBEEncryptorTest - Available JCE providers: SUN, SunRsaSign, SunEC, SunJSSE, SunJCE, SunJGSS, SunSASL, XMLDSig, SunPCSC, Apple, BC
[main] INFO com.hortonworks.crypto.OpenSSLPBEEncryptorTest - Password: thisIsABadPassword
[main] INFO com.hortonworks.crypto.OpenSSLPBEEncryptorTest - Salt : saltsalt
[main] INFO com.hortonworks.crypto.OpenSSLPBEEncryptorTest - Checking algorithm PBEWITHMD5AND128BITAES-CBC-OPENSSL
[main] INFO com.hortonworks.crypto.OpenSSLPBEEncryptorTest - Running with provider SUN
[main] WARN com.hortonworks.crypto.OpenSSLPBEEncryptorTest - Provider SUN does not support cipher PBEWITHMD5AND128BITAES-CBC-OPENSSL
[main] INFO com.hortonworks.crypto.OpenSSLPBE
alopresto / test_output_pem.txt
Created December 16, 2015 22:42
Test code and output using BcPEMDecryptorProvider to try to decrypt an OpenSSL-encrypted file
@Test
public void testShouldDecryptOpenSSLWithBcPEMDecryptor() throws Exception {
// Arrange
if (!isUnlimitedStrengthCrypto()) {
logger.info("Running in limited encryption mode. Overriding...")
setJCEUnlimitedStrength()
logger.info("Now running with unlimited strength crypto")
}
logger.info("Plaintext: ${plaintext}")
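The derivation behind both gists above, as an added example that is not code from either gist or from NiFi: BouncyCastle's PBEWITHMD5AND128BITAES-CBC-OPENSSL and the encrypted PEM files that BcPEMDecryptorProvider reads both obtain their key with OpenSSL's legacy EVP_BytesToKey (MD5, one iteration, an 8-byte salt). The password and salt are the values logged in the first gist; the DEK-Info line and the "Salted__" blob are constructed inputs, and the helper names are mine. The "limited encryption mode" logged above matters here: on JDK 8u66 the 256-bit variants need the unlimited-strength policy files, which is what the second gist's setJCEUnlimitedStrength() override addresses.

```python
"""OpenSSL legacy password-based key derivation (EVP_BytesToKey).

Added example, not code from the gists above. Reproduces the KDF used by
`openssl enc` without -pbkdf2, by OpenSSL-encrypted PEM bodies, and by
BouncyCastle's PBEWITH...-OPENSSL cipher names. Helper names are mine.
"""
import hashlib

SALTED_MAGIC = b"Salted__"  # prefix written by `openssl enc -salt`


def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int, iv_len: int,
                     md: str = "md5", count: int = 1):
    """Return (key, iv) as OpenSSL's EVP_BytesToKey computes them.

    D_1 = H(password || salt)
    D_i = H(D_{i-1} || password || salt)
    key || iv = D_1 || D_2 || ... truncated to key_len + iv_len bytes.
    With count > 1 each D_i is re-hashed count - 1 more times.
    """
    if len(salt) not in (0, 8):
        raise ValueError("OpenSSL's legacy KDF expects an 8-byte salt or none")
    need = key_len + iv_len
    derived = b""
    prev = b""
    while len(derived) < need:
        prev = hashlib.new(md, prev + password + salt).digest()
        for _ in range(count - 1):
            prev = hashlib.new(md, prev).digest()
        derived += prev
    return derived[:key_len], derived[key_len:need]


def split_openssl_enc(blob: bytes):
    """Split `openssl enc -salt` output into (salt, ciphertext)."""
    if not blob.startswith(SALTED_MAGIC) or len(blob) < 16:
        raise ValueError("not an OpenSSL 'Salted__' blob")
    return blob[8:16], blob[16:]


def pem_key_and_iv(dek_info_line: str, password: bytes, key_len: int = 16):
    """Key and IV for a PEM body whose header carries a DEK-Info line.

    OpenSSL stores the IV in the header and uses its first 8 bytes as the
    EVP_BytesToKey salt; only the key is derived (iv_len = 0).
    """
    _, value = dek_info_line.split(":", 1)
    cipher_name, iv_hex = (part.strip() for part in value.split(","))
    iv = bytes.fromhex(iv_hex)
    key, _ = evp_bytes_to_key(password, iv[:8], key_len, 0)
    return cipher_name, key, iv


def pbkdf2_key_and_iv(password: bytes, salt: bytes, key_len: int, iv_len: int,
                      iterations: int = 10000):
    """The `openssl enc -pbkdf2` derivation, for contrast: PBKDF2-HMAC-SHA256
    with a real work factor, key and IV taken from one output block."""
    out = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, key_len + iv_len)
    return out[:key_len], out[key_len:]


if __name__ == "__main__":
    # Values logged by the first gist above.
    password, salt = b"thisIsABadPassword", b"saltsalt"
    key, iv = evp_bytes_to_key(password, salt, 16, 16)  # AES-128-CBC
    print("legacy key", key.hex(), "iv", iv.hex())
    # Constructed 'Salted__' blob: the salt is recoverable from the file itself.
    print("salt from blob", split_openssl_enc(SALTED_MAGIC + salt + b"\x00" * 16)[0])
    # Constructed PEM header line.
    print(pem_key_and_iv("DEK-Info: AES-128-CBC," + "ab" * 16, password))
    print("pbkdf2 key", pbkdf2_key_and_iv(password, salt, 16, 16)[0].hex())
```

The legacy output depends only on the password and salt with no work factor, so a guessed password is verified at MD5 speed; the KDF survives for compatibility with existing files, which is exactly the situation the two gists are testing.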
alopresto / NiFi certificate explanation.md
Created March 1, 2016 20:22
A response to a comment trying to separate the concerns of NiFi TLS, client authentication, and external service TLS.

I understand the differences are subtle because a lot of the terminology overlaps, but these are two very different activities. In the article you linked to, the steps described are intended to strengthen the service NiFi is providing and the ability of users to connect. As an analogy, let's describe building a bank.

By default, the bank is built of wood, has large clear windows with no blinds, and no official sign out front. You've taped a piece of paper saying "GeoffreyBank" to the door (this is plaintext, default, unencrypted HTTP communication from your browser to http://localhost:8080/nifi).

Now, of course, you want to secure your bank. It is going to store valuable items, and people will not use it if they do not trust that you are protecting their property. So, you build stronger walls and put an inner office so that their transactions cannot simply be observed by anyone on the street and you have professional signage so they can recognize that it is the correct bank.

This is analogous to

alopresto / noneEmptyELTest.java
Created March 23, 2016 05:17
A Java JUnit test demonstrating an expression language query which will return true if and only if all attributes enumerated are not empty (i.e. not null, zero-length, or all whitespace characters).
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
alopresto / cipherscan.txt
Created March 30, 2016 05:38
Results of cipherscan and analysis for default secure NiFi 0.6.0.
hw12203:/Users/alopresto/Workspace/cipherscan alopresto
🔓 1s @ 21:57:02 $ python analyze.py -t nifi.nifi.apache.org:8443
nifi.nifi.apache.org:8443 has bad ssl/tls
Things that are bad:
* don't use an untrusted or self-signed certificate
Changes needed to match the old level:
* enable SSLv3
* use a certificate with sha1WithRSAEncryption signature
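An offline re-check of the three conditions reported above, as an added example that is not cipherscan's own analyze.py. The scan dictionaries are constructed to look like cipherscan's JSON output (field names assumed from that format) and the function names are mine. Read the tool's wording carefully: "changes needed to match the old level" describes the distance from Mozilla's backward-compatibility profile, which at the time still listed SSLv3 and SHA-1 signatures. Enabling SSLv3 (broken by POODLE) or issuing a SHA-1 certificate is not a recommendation, so the check below treats both as failures alongside the untrusted certificate.

```python
"""Evaluate a cipherscan-style result against the findings listed above.

Added example; not cipherscan's analyze.py. Scan dictionaries are
constructed; field names follow cipherscan's JSON output as I remember it.
"""

BROKEN_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_SIGALGS = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}
MODERN_PROTOCOLS = {"TLSv1.2"}

# Constructed: a default NiFi 0.6.0-style listener as the scan above describes
# it (self-signed certificate), plus one deliberately weak, SSLv3-capable suite.
SAMPLE_SCAN = {
    "target": "nifi.nifi.apache.org:8443",
    "ciphersuite": [
        {"cipher": "ECDHE-RSA-AES128-GCM-SHA256",
         "protocols": ["TLSv1.2"],
         "sigalg": ["sha256WithRSAEncryption"],
         "trusted": "False",
         "pfs": "ECDH,P-256,256bits"},
        {"cipher": "AES128-SHA",
         "protocols": ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"],
         "sigalg": ["sha256WithRSAEncryption"],
         "trusted": "False",
         "pfs": "None"},
    ],
}

# Constructed: the same host after installing a CA-issued certificate and
# restricting the listener to TLSv1.2 with forward-secret suites.
HARDENED_SCAN = {
    "target": "nifi.nifi.apache.org:8443",
    "ciphersuite": [
        {"cipher": "ECDHE-RSA-AES128-GCM-SHA256",
         "protocols": ["TLSv1.2"],
         "sigalg": ["sha256WithRSAEncryption"],
         "trusted": "True",
         "pfs": "ECDH,P-256,256bits"},
    ],
}


def offered_protocols(scan):
    """Union of protocol versions accepted across all negotiated suites."""
    return {p for suite in scan["ciphersuite"] for p in suite["protocols"]}


def assess(scan):
    """Return the list of changes needed, empty when nothing is wrong."""
    suites = scan["ciphersuite"]
    findings = []
    # cipherscan records trust per suite as the string "True"/"False".
    if any(suite.get("trusted") != "True" for suite in suites):
        findings.append("don't use an untrusted or self-signed certificate")
    for proto in sorted(offered_protocols(scan) & BROKEN_PROTOCOLS):
        findings.append(f"disable {proto}")
    sigalgs = {a for suite in suites for a in suite["sigalg"]}
    for alg in sorted(sigalgs & WEAK_SIGALGS):
        findings.append(f"replace the {alg} certificate signature")
    for suite in suites:
        if suite.get("pfs", "None") == "None":
            findings.append(f"drop {suite['cipher']} (no forward secrecy)")
    return findings


def level(scan):
    """'bad' if any finding, 'modern' if only TLSv1.2 is offered, else 'intermediate'."""
    if assess(scan):
        return "bad"
    return "modern" if offered_protocols(scan) <= MODERN_PROTOCOLS else "intermediate"


if __name__ == "__main__":
    for scan in (SAMPLE_SCAN, HARDENED_SCAN):
        print(scan["target"], "is", level(scan))
        for line in assess(scan):
            print("  *", line)
```

For the default NiFi listener in the output above the only finding is the self-signed certificate; the protocol and signature checks exist so that the same script catches a listener that was "fixed" by following the old-level lines literally.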
alopresto / nifi.properties
Created May 15, 2016 23:37
Example NiFi configuration file for debugging AuthorityProvider context loading error.
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
alopresto / authorized-users.xml
Created May 15, 2016 23:39
NiFi config file
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
alopresto / Process.java
Created September 28, 2016 00:08
A Java class which prints the provided arguments to both System.out and System.err for debugging purposes
package org.apache.nifi.process;

import java.util.Arrays;

public class Process {
    public static void main(String[] args) {
        // Join the arguments so both streams show exactly what the caller passed.
        String allArgs = String.join(" ", Arrays.asList(args));
        System.out.println("[System out] Provided arguments: " + allArgs);
        System.err.println("[System err] Provided arguments: " + allArgs);
    }
}