activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam Sussman (JIRA)" <j...@apache.org>
Subject [jira] Created: (AMQ-3128) networkConnection fails when SSLv2 disabled
Date Tue, 11 Jan 2011 00:31:45 GMT
networkConnection fails when SSLv2 disabled
-------------------------------------------

                 Key: AMQ-3128
                 URL: https://issues.apache.org/jira/browse/AMQ-3128
             Project: ActiveMQ
          Issue Type: Bug
          Components: Broker
    Affects Versions: 5.4.2
            Reporter: Adam Sussman


Given a broker transportConnection with SSLv2 disabled, networkConnectors fail to connect
with error:

ERROR:  Could not accept connection : javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled

This only happens with networkConnections.  Regular client connections (such as the camel
connector) work fine.

Network Connection looks like:

<networkConnection uri="static:(ssl://mybroker:61616)" />

Example transportConnector that throws the error:

<transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:61616?transport.enabledProtocols=TLSv1,SSLv3"
/>

Example transportConnector that does NOT error:

<transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:61616?transport.enabledProtocols=TLSv1,SSLv3,SSLv2Hello"
/>

While the hello setting can be added, it shouldn't be needed.  Also, for compliance reasons,
we need to be able to remove
ALL support for SSLv2.

Bigger question, why does this only happen for networkConnections?


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message