camel-users mailing list archives

From Claus Ibsen <claus.ib...@gmail.com>
Subject Re: NettyConnector explicitly initializes SSLContext instead of using default
Date Tue, 06 Jun 2017 06:24:50 GMT
Hi

This is a question for the Apache ActiveMQ user forum.

On Tue, Jun 6, 2017 at 12:36 AM, mevans7 <mark.evans@morpho.com> wrote:
> BOTTOM LINE:
> I need a secure way to initialize the SSLContext in
> org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.  (No
> keystore password in system properties.)
>
> USE CASE:
> I'm trying to configure a client to read JMS messages from Wildfly using
> SSL.  This works ONLY if I specify these either with -D or
> System.setProperty():
>
> -Djavax.net.ssl.keyStore=<my-keystore-file-path>
> -Djavax.net.ssl.keyStorePassword=<my-key-pass>
> -Djavax.net.ssl.trustStore=<my-truststore-file-path>
> -Djavax.net.ssl.trustStorePassword=<my-trust-pass>
>
> My problem is this: for security purposes, I cannot put the password in the
> System properties.  (These are too easy to dump out using various tools.)
>
> So, I programmatically initialize the default SSLContext.  BUT,
> NettyConnector does not use the default SSLContext.  It explicitly reads the
> above properties and creates its own SSLContext.
>
> QUESTION:
> - How can I securely pass the truststore and keystore passwords to
> NettyConnector?
> - Why doesn't NettyConnector just use the default SSLContext, which can be
> configured with the same system parameters as above?
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/NettyConnector-explicitly-initializes-SSLContext-instead-of-using-default-tp5801857.html
> Sent from the Camel - Users mailing list archive at Nabble.com.



-- 
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
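
The approach the quoted message describes (building the JVM default SSLContext in code so the store passwords never enter system properties), as an added example that is not code from this thread or from either project. The class name, the PKCS12 store type and the demo password are assumptions; the quoted message reports that NettyConnector does not consult the default context, so this shows only the client-side initialization step.

```java
import javax.net.ssl.*;
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.Arrays;

public class DefaultSslContextSetup {   // hypothetical class name
    // Load a PKCS12 store; the password lives only in a caller-owned char[].
    static KeyStore load(Path file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build a TLS context from both stores and install it as the JVM default.
    static SSLContext installDefault(Path keyStore, char[] keyPass,
                                     Path trustStore, char[] trustPass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, keyPass), keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, trustPass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLContext.setDefault(ctx);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo input: an empty PKCS12 store with a throwaway password.
        // In real use the char[] would come from System.console().readPassword()
        // or a secret store (assumption), never from -D flags or System.setProperty().
        char[] pass = "constructed-demo-pass".toCharArray();
        Path store = Files.createTempFile("demo-store", ".p12");
        try {
            KeyStore empty = KeyStore.getInstance("PKCS12");
            empty.load(null, null);
            try (OutputStream out = Files.newOutputStream(store)) {
                empty.store(out, pass);
            }
            installDefault(store, pass, store, pass);
            System.out.println("default context protocol: " + SSLContext.getDefault().getProtocol());
            System.out.println("javax.net.ssl.keyStorePassword property: "
                    + System.getProperty("javax.net.ssl.keyStorePassword"));
        } finally {
            Arrays.fill(pass, '\0');      // wipe the password once the context is built
            Files.deleteIfExists(store);
        }
    }
}
```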
