activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From moreno <>
Subject Server cipher order to MQTT connections.
Date Wed, 12 Sep 2018 13:09:44 GMT

we are undergoing a security certification for our system. One of the issues
we get is related to the cipher order while establishing a TLS connection
with MQTT. 

We went through the following document to configure the transport and select
the cipher suites we want to allow:

However, we could not find a reference to the order of the cipher suites.
That seems to be an issue for security-scanning tools, like testssh
( See for exaple the following
output on one of our servers:

****start test output****
Testing server preferences 
 Has server cipher order?   *  nope (NOT ok)*
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256, 570 bit ECDH
(B-571) (limited sense as client will pick)
 Negotiated cipher per proto  (limited sense as client will pick)
     ECDHE-RSA-AES128-GCM-SHA256:   TLSv1.2
 No further cipher order check has been done as order is determined by the
****end test output****

We did not find any reference to cipher order in the ActiveMQ documentation.
Is there a possibility to do so? 

Thanks in advance and best regards,
Marcos Moreno.

Sent from:

View raw message