activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From shrisha <shrisha.chandrashe...@gmail.com>
Subject RE: Specifying security ciphers using SSL connector for activeMQ
Date Thu, 27 Aug 2009 03:33:37 GMT

Ya , we can definitely do it in the code, there are API's in java on the
Socket and the ServerSocket which allow us to enable only specific ciphers.
However I tried to catch hold of these sockets used  by extending the
following classes 
SSLTransport,SSLTransportServer,SSLtransportFactory,ActiveMQSslConnectionFactory
thereby enabling only high strength ciphers on the Sockets and the
ServerSockets. But it seems it does not solve the problem , the server still
accepts low and medium strength ciphers. So i am not sure whether i have to
still extend some more classes. Instead of experimenting like this ,I was
wondering if there is any way of specifying these through some property 
instead of changing in the code.

Anyone who has achieved this ,please post the steps here. Thanks in advance.



MatsH wrote:
> 
>> server accepts even Low and Medium strength ciphers , we need to make
> it
>> accept only high strength ciphers. Is there a way to specify these
> ciphers
>> which should only be accepted in the broker URL as a transport option
> pt
>> someway in the connector tag in activemq.xml.
> 
> I had a look at this (also had a look in the code as well but didn't
> have time to dig...) yesterday and I can't find a way of doing it. I
> found that the JSSE docs claim you can use the https.cipherSuites system
> property to control what happens in the HTTPS case, but couldn't find
> anything similar for SSL. The docs do claim it is possible to do
> programmatically, so certainly it should be possible to implement. 
> 
> If somebody does figure out how to do it please post about it here, I'd
> certainly be very interested in turning off the low strength ciphers.
> 
> Mats
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Specifying--security-ciphers-using-SSL-connector-for-activeMQ-tp25129865p25165657.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message