You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by shlomos <sh...@nice.com> on 2015/07/09 06:32:08 UTC

Re: Disabling SSLv3 in embedded web-console jetty

Have you found a solution for this case ? 

Thanks !! 



--
View this message in context: http://activemq.2283324.n4.nabble.com/Disabling-SSLv3-in-embedded-web-console-jetty-tp4687156p4698861.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

RE: Disabling SSLv3 in embedded web-console jetty

Posted by shlomos <sh...@nice.com>.
Thanks for the update, I’ve managed configuring it with a different approach , hope someone will find it useful :


<list>

<bean id="SecureConnector" class="org.eclipse.jetty.server.ssl.SslSocketConnector">

<property name="port" value="8162"/>

<constructor-arg>

<bean class="org.eclipse.jetty.http.ssl.SslContextFactory">

<property name="keyStore" value="file:${activemq.conf}/keystore.jks"/>

<property name="keyStorePassword" value="password"/>

<property name="protocol" value="TLSv1.2" />

<property name="ExcludeProtocols" value="SSLv3"/>

<property name="excludeCipherSuites">

<set>

<value>.*NULL.*</value>

<value>.*RC4.*</value>

<value>.*MD5.*</value>

<value>.*DES.*</value>

<value>.*DSS.*</value>

</set>

</property>

</bean>

</constructor-arg>

</bean>
</list>



From: christopher.l.shannon [via ActiveMQ] [mailto:ml-node+s2283324n4698892h94@n4.nabble.com]
Sent: יום ה, 09 יולי 2015 15:32
To: Shlomi Avihou
Subject: Re: Disabling SSLv3 in embedded web-console jetty

If you are using JDK 8u31 or greater, SSLv3 is disabled by default.  The
typical way to disable a cipher is to use the addExcludeProtocols method on
the ssl context factory, such as:
sslContextFactory.addExcludeProtocols("SSLv3");

I'm not sure if there is an easy way to do this with a websocket transport
right now but with the web console, you should be able to modify the
example xml to this:

<bean id="SecureConnector"
class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
       <property name="port" value="8161" />
       <property name="keystore" value="some-path/ssl/server-keystore" />
       <property name="password" value="some-passsword" />
       <property name="excludeCipherSuites" value="SSLv3" />
</bean>
You just need to add that excludeCipherSuites property.

On Thu, Jul 9, 2015 at 12:32 AM, shlomos <[hidden email]</user/SendEmail.jtp?type=node&node=4698892&i=0>> wrote:

> Have you found a solution for this case ?
>
> Thanks !!
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/Disabling-SSLv3-in-embedded-web-console-jetty-tp4687156p4698861.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>

________________________________
If you reply to this email, your message will be added to the discussion below:
http://activemq.2283324.n4.nabble.com/Disabling-SSLv3-in-embedded-web-console-jetty-tp4687156p4698892.html
To unsubscribe from Disabling SSLv3 in embedded web-console jetty, click here<http://activemq.2283324.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4687156&code=c2hsb21pLmF2aWhvdUBuaWNlLmNvbXw0Njg3MTU2fC0xNDI0NTc5ODQ=>.
NAML<http://activemq.2283324.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>




--
View this message in context: http://activemq.2283324.n4.nabble.com/Disabling-SSLv3-in-embedded-web-console-jetty-tp4687156p4699130.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: Disabling SSLv3 in embedded web-console jetty

Posted by Christopher Shannon <ch...@gmail.com>.
If you are using JDK 8u31 or greater, SSLv3 is disabled by default.  The
typical way to disable a cipher is to use the addExcludeProtocols method on
the ssl context factory, such as:
sslContextFactory.addExcludeProtocols("SSLv3");

I'm not sure if there is an easy way to do this with a websocket transport
right now but with the web console, you should be able to modify the
example xml to this:

<bean id="SecureConnector"
class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
       <property name="port" value="8161" />
       <property name="keystore" value="some-path/ssl/server-keystore" />
       <property name="password" value="some-passsword" />
       <property name="excludeCipherSuites" value="SSLv3" />
</bean>
You just need to add that excludeCipherSuites property.

On Thu, Jul 9, 2015 at 12:32 AM, shlomos <sh...@nice.com> wrote:

> Have you found a solution for this case ?
>
> Thanks !!
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/Disabling-SSLv3-in-embedded-web-console-jetty-tp4687156p4698861.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>