activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "xianhua liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-5147) Secure Websocket Transport causes HttpsClient handshaking fail
Date Thu, 14 May 2015 14:32:00 GMT

    [ https://issues.apache.org/jira/browse/AMQ-5147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14543731#comment-14543731
] 

xianhua liu commented on AMQ-5147:
----------------------------------

Yes. That is right. The static code to set the "https.cipherSuites" system property should
be removed from the org.apache.activemq.transport.https.Krb5AndCertsSslSocketConnector class.

> Secure Websocket Transport causes HttpsClient handshaking fail
> --------------------------------------------------------------
>
>                 Key: AMQ-5147
>                 URL: https://issues.apache.org/jira/browse/AMQ-5147
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.7.0, 5.8.0, 5.9.0
>         Environment: Windows 7
>            Reporter: xianhua liu
>            Priority: Critical
>              Labels: security
>
> In my Java application, I configured secure websocket transport wss://0.0.0.0:61614 for
activemq broker. In the same JVM, there is httpsclient to call web service. During handshaking
process I found that the cipher suites in the ClientHello message has only one or two supported
cipher suites. See example below:
> *** ClientHello, TLSv1
> RandomCookie:  GMT: 1397495018 bytes = { 252, 79, 14, 225, 20, 20, 242, 57, 88, 102,
9, 34, 79, 216, 165, 186, 190, 50, 213, 135, 205, 128, 229, 154, 3, 82, 78, 32 }
> Session ID:  {}
> Cipher Suites: [SSL_KRB5_WITH_3DES_EDE_CBC_SHA, SSL_RENEGO_PROTECTION_REQUEST]
> Compression Methods:  { 0 }
> ***
> I found in the org.apache.activemq.transport.https.Krb5AndCertsSslSocketConnector class
static code to set the system property "https.cipherSuites". The HttpsClient later reads this
property to get cipher suites for handshaking message. 
> I am not sure if the static code in that class could be removed. It definitely will mess
up with the HttpsClient.    



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message