You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by shrisha <sh...@gmail.com> on 2009/08/25 09:47:08 UTC
Specifying security ciphers using SSL connector for activeMQ
We are using ActiveMQ 5.2.0 with a SSL connector, we have a requirement to
enabe only specific high strength security ciphers for communication between
the clients and the server.With the default broker URL ,on port 61616 ,the
server accepts even Low and Medium strength ciphers , we need to make it
accept only high strength ciphers. Is there a way to specify these ciphers
which should only be accepted in the broker URL as a transport option pt
someway in the connector tag in activemq.xml.
--
View this message in context: http://www.nabble.com/Specifying--security-ciphers-using-SSL-connector-for-activeMQ-tp25129865p25129865.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
RE: Specifying security ciphers using SSL connector for activeMQ
Posted by shrisha <sh...@gmail.com>.
Ya , we can definitely do it in the code, there are API's in java on the
Socket and the ServerSocket which allow us to enable only specific ciphers.
However I tried to catch hold of these sockets used by extending the
following classes
SSLTransport,SSLTransportServer,SSLtransportFactory,ActiveMQSslConnectionFactory
thereby enabling only high strength ciphers on the Sockets and the
ServerSockets. But it seems it does not solve the problem , the server still
accepts low and medium strength ciphers. So i am not sure whether i have to
still extend some more classes. Instead of experimenting like this ,I was
wondering if there is any way of specifying these through some property
instead of changing in the code.
Anyone who has achieved this ,please post the steps here. Thanks in advance.
MatsH wrote:
>
>> server accepts even Low and Medium strength ciphers , we need to make
> it
>> accept only high strength ciphers. Is there a way to specify these
> ciphers
>> which should only be accepted in the broker URL as a transport option
> pt
>> someway in the connector tag in activemq.xml.
>
> I had a look at this (also had a look in the code as well but didn't
> have time to dig...) yesterday and I can't find a way of doing it. I
> found that the JSSE docs claim you can use the https.cipherSuites system
> property to control what happens in the HTTPS case, but couldn't find
> anything similar for SSL. The docs do claim it is possible to do
> programmatically, so certainly it should be possible to implement.
>
> If somebody does figure out how to do it please post about it here, I'd
> certainly be very interested in turning off the low strength ciphers.
>
> Mats
>
>
>
--
View this message in context: http://www.nabble.com/Specifying--security-ciphers-using-SSL-connector-for-activeMQ-tp25129865p25165657.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
RE: Specifying security ciphers using SSL connector for activeMQ
Posted by Ma...@sungard.com.
> server accepts even Low and Medium strength ciphers , we need to make
it
> accept only high strength ciphers. Is there a way to specify these
ciphers
> which should only be accepted in the broker URL as a transport option
pt
> someway in the connector tag in activemq.xml.
I had a look at this (also had a look in the code as well but didn't
have time to dig...) yesterday and I can't find a way of doing it. I
found that the JSSE docs claim you can use the https.cipherSuites system
property to control what happens in the HTTPS case, but couldn't find
anything similar for SSL. The docs do claim it is possible to do
programmatically, so certainly it should be possible to implement.
If somebody does figure out how to do it please post about it here, I'd
certainly be very interested in turning off the low strength ciphers.
Mats