You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by shlomos <sh...@nice.com> on 2015/07/09 06:32:08 UTC
Re: Disabling SSLv3 in embedded web-console jetty
Have you found a solution for this case ?
Thanks !!
--
View this message in context: http://activemq.2283324.n4.nabble.com/Disabling-SSLv3-in-embedded-web-console-jetty-tp4687156p4698861.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
RE: Disabling SSLv3 in embedded web-console jetty
Posted by shlomos <sh...@nice.com>.
Thanks for the update, I’ve managed configuring it with a different approach , hope someone will find it useful :
<list>
<bean id="SecureConnector" class="org.eclipse.jetty.server.ssl.SslSocketConnector">
<property name="port" value="8162"/>
<constructor-arg>
<bean class="org.eclipse.jetty.http.ssl.SslContextFactory">
<property name="keyStore" value="file:${activemq.conf}/keystore.jks"/>
<property name="keyStorePassword" value="password"/>
<property name="protocol" value="TLSv1.2" />
<property name="ExcludeProtocols" value="SSLv3"/>
<property name="excludeCipherSuites">
<set>
<value>.*NULL.*</value>
<value>.*RC4.*</value>
<value>.*MD5.*</value>
<value>.*DES.*</value>
<value>.*DSS.*</value>
</set>
</property>
</bean>
</constructor-arg>
</bean>
</list>
From: christopher.l.shannon [via ActiveMQ] [mailto:ml-node+s2283324n4698892h94@n4.nabble.com]
Sent: יום ה, 09 יולי 2015 15:32
To: Shlomi Avihou
Subject: Re: Disabling SSLv3 in embedded web-console jetty
If you are using JDK 8u31 or greater, SSLv3 is disabled by default. The
typical way to disable a cipher is to use the addExcludeProtocols method on
the ssl context factory, such as:
sslContextFactory.addExcludeProtocols("SSLv3");
I'm not sure if there is an easy way to do this with a websocket transport
right now but with the web console, you should be able to modify the
example xml to this:
<bean id="SecureConnector"
class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<property name="port" value="8161" />
<property name="keystore" value="some-path/ssl/server-keystore" />
<property name="password" value="some-passsword" />
<property name="excludeCipherSuites" value="SSLv3" />
</bean>
You just need to add that excludeCipherSuites property.
On Thu, Jul 9, 2015 at 12:32 AM, shlomos <[hidden email]</user/SendEmail.jtp?type=node&node=4698892&i=0>> wrote:
> Have you found a solution for this case ?
>
> Thanks !!
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/Disabling-SSLv3-in-embedded-web-console-jetty-tp4687156p4698861.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
________________________________
If you reply to this email, your message will be added to the discussion below:
http://activemq.2283324.n4.nabble.com/Disabling-SSLv3-in-embedded-web-console-jetty-tp4687156p4698892.html
To unsubscribe from Disabling SSLv3 in embedded web-console jetty, click here<http://activemq.2283324.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4687156&code=c2hsb21pLmF2aWhvdUBuaWNlLmNvbXw0Njg3MTU2fC0xNDI0NTc5ODQ=>.
NAML<http://activemq.2283324.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
--
View this message in context: http://activemq.2283324.n4.nabble.com/Disabling-SSLv3-in-embedded-web-console-jetty-tp4687156p4699130.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Disabling SSLv3 in embedded web-console jetty
Posted by Christopher Shannon <ch...@gmail.com>.
If you are using JDK 8u31 or greater, SSLv3 is disabled by default. The
typical way to disable a cipher is to use the addExcludeProtocols method on
the ssl context factory, such as:
sslContextFactory.addExcludeProtocols("SSLv3");
I'm not sure if there is an easy way to do this with a websocket transport
right now but with the web console, you should be able to modify the
example xml to this:
<bean id="SecureConnector"
class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<property name="port" value="8161" />
<property name="keystore" value="some-path/ssl/server-keystore" />
<property name="password" value="some-passsword" />
<property name="excludeCipherSuites" value="SSLv3" />
</bean>
You just need to add that excludeCipherSuites property.
On Thu, Jul 9, 2015 at 12:32 AM, shlomos <sh...@nice.com> wrote:
> Have you found a solution for this case ?
>
> Thanks !!
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/Disabling-SSLv3-in-embedded-web-console-jetty-tp4687156p4698861.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>