activemq-users mailing list archives

From Justin Bertram <jbert...@apache.org>
Subject Re: NettyConnector explicitly initializes SSLContext instead of using default
Date Tue, 06 Jun 2017 20:35:11 GMT
What version are you using?  There is an option in 2.1 to use the default SSL context.  See
https://issues.apache.org/jira/browse/ARTEMIS-590.


Justin

----- Original Message -----
From: "mevans7" <mark.evans@morpho.com>
To: users@activemq.apache.org
Sent: Tuesday, June 6, 2017 3:17:43 PM
Subject: NettyConnector explicitly initializes SSLContext instead of using default

BOTTOM LINE: 
I need a secure way to initialize the SSLContext in
org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.  (No
keystore password in system properties.) 

USE CASE: 
I'm trying to configure a client to read JMS messages from Wildfly using
SSL.  This works ONLY if I specify these either with -D or
System.setProperty(): 

-Djavax.net.ssl.keyStore=<my-keystore-file-path>
-Djavax.net.ssl.keyStorePassword=<my-key-pass>
-Djavax.net.ssl.trustStore=<my-truststore-file-path>
-Djavax.net.ssl.trustStorePassword=<my-trust-pass>

My problem is this: for security purposes, I cannot put the password in the
System properties.  (These are too easy to dump out using various tools.) 

So, I programmatically initialize the default SSLContext.  BUT,
NettyConnector does not use the default SSLContext.  It explicitly reads the
above properties and creates its own SSLContext. 

QUESTION: 
- How can I securely pass the truststore and keystore passwords to
NettyConnector? 
- Why doesn't NettyConnector just use the default SSLContext, which can be
configured with the same system parameters as above? 



--
View this message in context: http://activemq.2283324.n4.nabble.com/NettyConnector-explicitly-initializes-SSLContext-instead-of-using-default-tp4727120.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
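
The approach discussed in this thread, as an added example that is not part of either message and is not Artemis project code: the client builds the default SSLContext from passwords read at a console prompt, so they never appear in system properties, and then points the connector at that context. The class name, the broker host and port, and taking the keystore and truststore paths as the two program arguments are assumptions; `useDefaultSslContext` is the connector parameter name from the Artemis transport documentation, not from this thread.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class DefaultSslContextSetup {
    // Load a store; the password exists only as a char[] the caller can wipe.
    static KeyStore load(Path file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build a context from both stores and make it the JVM-wide default.
    // Assumes the private key password equals the keystore password.
    static void installDefault(Path keyStore, char[] keyPass,
                               Path trustStore, char[] trustPass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, keyPass), keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, trustPass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLContext.setDefault(ctx);
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null) throw new IllegalStateException("no interactive console available");
        char[] keyPass = console.readPassword("Keystore password: ");
        char[] trustPass = console.readPassword("Truststore password: ");
        if (keyPass == null || trustPass == null) throw new IllegalStateException("password input closed");
        try {
            installDefault(Paths.get(args[0]), keyPass, Paths.get(args[1]), trustPass);
        } finally {
            Arrays.fill(keyPass, '\0');   // wipe both passwords once the context exists
            Arrays.fill(trustPass, '\0');
        }
        // Placeholder host/port; pass this URL to the Artemis client connection factory.
        System.out.println("tcp://broker.example.com:61616?sslEnabled=true&useDefaultSslContext=true");
    }
}
```

`SSLContext.setDefault` affects every TLS client in the JVM that relies on the default context, so call it once at startup before any connection is opened.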
