activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christoffer Sawicki (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-4582) Specifying invalid ciphersuite in SSL transport causes all available ciphersuites to be enabled
Date Wed, 24 Jul 2013 09:49:49 GMT

    [ https://issues.apache.org/jira/browse/AMQ-4582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13718184#comment-13718184
] 

Christoffer Sawicki commented on AMQ-4582:
------------------------------------------

Reporter of AMQ-4433 here. Yeah, I removed the changes to TcpTransportServer.java from my
latest patch (see the comments of AMQ-4433) because of the test failures. IIRC, the problem
is that other non-transport parameters enter that code path and mess things up. I gave up
on validating the transport parameters because it seemed like too much work for me, sorry.
I hope you know the codebase better and can sort things out!
                
> Specifying invalid ciphersuite in SSL transport causes all available ciphersuites to
be enabled
> -----------------------------------------------------------------------------------------------
>
>                 Key: AMQ-4582
>                 URL: https://issues.apache.org/jira/browse/AMQ-4582
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.8.0
>         Environment: Linux 3.2.0-41-generic x86_64
>            Reporter: Robert Huffman
>              Labels: security, ssl
>         Attachments: AMQ-4582.patch
>
>
> If you use an invalid cipher suite in the parameter "transport.enabledCipherSuites" on
an SSL transport connector, the broker will start with all ciphers enabled.
> For example, use this transport connector:
>     <transportConnectors>
>       <transportConnector name="ssl" uri="ssl://localhost:61717?needClientAuth=true&amp;transport.enabledCipherSuites=foobar"/>
>     </transportConnectors>
> This is an attempt to enable the ciphersuite "foobar". The broker starts, and, in my
environment I end up with 26 cipher suites enabled, 10 of which are generally considered weak.
> Using the debugger I tracked this down to the method org.apache.activemq.util.IntrospectionSupport.setProperty.
It uses reflection to invoke SSLServerSocket.setEnabledCipherSuites. That method throws an
IllegalArgumentException if the specified ciphersuite is enabled. IntrospectionSupport.setProperty
catches the exception and returns false.
> I believe that this code should not be ignoring exceptions like this. This is a major
security flaw: if a user is attempting to lock down ActiveMQ to a specific strong cipher suite,
but makes a typo, the broker starts with with the ability to use weaker cipher suites.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message