activemq-users mailing list archives

From Justin Bertram <>
Subject Re: NettyConnector explicitly initializes SSLContext instead of using default
Date Wed, 07 Jun 2017 14:15:15 GMT
I just noticed that you said you were attempting to connect to Artemis in Wildfly, and I believe
that's going to be a 1.5.x version (or perhaps earlier) without this new feature.

FWIW, whether you set the values in system properties on the command line or programmatically,
or whether you configure the default SSL context, the keystore and truststore passwords are
going to reside on the machine in plain text.  I'm not sure there's any way to get around


----- Original Message -----
From: "Justin Bertram" <>
Sent: Tuesday, June 6, 2017 3:35:11 PM
Subject: Re: NettyConnector explicitly initializes SSLContext instead of using default

What version are you using?  There is an option in 2.1 to use the default SSL context.  See


----- Original Message -----
From: "mevans7" <>
Sent: Tuesday, June 6, 2017 3:17:43 PM
Subject: NettyConnector explicitly initializes SSLContext instead of using default

I need a secure way to initialize the SSLContext in
org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.  (No
keystore password in system properties.) 

I'm trying to configure a client to read JMS messages from Wildfly using
SSL.  This works ONLY if I specify these either with -D or

My problem is this: for security purposes, I cannot put the password in the
System properties.  (These are too easy to dump out using various tools.) 

So, I programmatically initialize the default SSLContext.  BUT,
NettyConnector does not use the default SSLContext.  It explicitly reads the
above properties and creates its own SSLContext. 

- How can I securely pass the truststore and keystore passwords to
- Why doesn't NettyConnector just use the default SSLContext, which can be
configured with the same system parameters as above? 
