activemq-dev mailing list archives

From "Christoffer Sawicki (JIRA)" <>
Subject [jira] [Commented] (AMQ-4582) Specifying invalid ciphersuite in SSL transport causes all available ciphersuites to be enabled
Date Wed, 24 Jul 2013 09:49:49 GMT


Christoffer Sawicki commented on AMQ-4582:

Reporter of AMQ-4433 here. Yeah, I removed the changes to from my latest patch (see the comments of AMQ-4433) because of the test failures. IIRC, the problem is that other non-transport parameters enter that code path and mess things up. I gave up on validating the transport parameters because it seemed like too much work for me, sorry. I hope you know the codebase better and can sort things out!
> Specifying invalid ciphersuite in SSL transport causes all available ciphersuites to be enabled
> -----------------------------------------------------------------------------------------------
>                 Key: AMQ-4582
>                 URL:
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.8.0
>         Environment: Linux 3.2.0-41-generic x86_64
>            Reporter: Robert Huffman
>              Labels: security, ssl
>         Attachments: AMQ-4582.patch
> If you use an invalid cipher suite in the parameter "transport.enabledCipherSuites" on an SSL transport connector, the broker will start with all ciphers enabled.
> For example, use this transport connector:
>     <transportConnectors>
>       <transportConnector name="ssl" uri="ssl://localhost:61717?needClientAuth=true&amp;transport.enabledCipherSuites=foobar"/>
>     </transportConnectors>
> This is an attempt to enable the ciphersuite "foobar". The broker starts, and, in my environment I end up with 26 cipher suites enabled, 10 of which are generally considered weak.
> Using the debugger I tracked this down to the method org.apache.activemq.util.IntrospectionSupport.setProperty. It uses reflection to invoke SSLServerSocket.setEnabledCipherSuites. That method throws an IllegalArgumentException if the specified ciphersuite is enabled. IntrospectionSupport.setProperty catches the exception and returns false.
> I believe that this code should not be ignoring exceptions like this. This is a major security flaw: if a user is attempting to lock down ActiveMQ to a specific strong cipher suite, but makes a typo, the broker starts with the ability to use weaker cipher suites.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
