activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From shirley <shirley_...@trend.com.tw>
Subject ActiveMQ CPP with OpenSSL
Date Tue, 10 Jun 2014 10:48:00 GMT
Recently, openssl has confirmed a vulnerability that OpenSSL (before 0.9.8za,
1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h) TLS clients enabling anonymous
ECDH ciphersuites are subject to a denial of service attack.

In OpenSSLContextSpi.cpp of activemq-cpp 3.8.2 source codes, we could see
that it sets the cipher suite to "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH". The
default ssl transport seems not to exclude the anonymous ECDH (!AECDH or
!aNULL).

So does it mean that the activemq-cpp clients are affected by this
vulnerability if our activemq-cpp library is built with openssl 1.0.1 before
1.0.0h? 





--
View this message in context: http://activemq.2283324.n4.nabble.com/ActiveMQ-CPP-with-OpenSSL-tp4681940.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Mime
View raw message