activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Tully (JIRA)" <j...@apache.org>
Subject [jira] Commented: (AMQ-2384) The activeMQ port supports low and medium strength ciphers
Date Mon, 14 Sep 2009 14:44:13 GMT

    [ https://issues.apache.org/activemq/browse/AMQ-2384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=54240#action_54240
] 

Gary Tully commented on AMQ-2384:
---------------------------------

if introspection support can deal with a string[], uri parameters of the form "socket.xxx"
could do it on the server url to set the enabled cipher suites on an ssl socket. Configuration
of the tls layer could also achieve this.

> The activeMQ port supports low and medium strength ciphers 
> -----------------------------------------------------------
>
>                 Key: AMQ-2384
>                 URL: https://issues.apache.org/activemq/browse/AMQ-2384
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Connector
>    Affects Versions: 5.2.0
>         Environment: We are running the ActiveMQ 5.2.0  over a SLES 11 64 bit  machine.
In the configuration file activemq.xml there is no way to specify the supported ciphers. 
>            Reporter: Shrisha Chandrashekar
>             Fix For: 5.3.0
>
>
> On running a Tenable nessus scan against the machine where ActiveMQ is running, we see
that the port 61616 , the TCP connector port accepts Low and Medium strength ciphers by default.
This may be a security risk and therefore we need a way to specify which ciphers to support.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message