You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Piotr Klimczak (JIRA)" <ji...@apache.org> on 2014/08/29 11:31:53 UTC
[jira] [Commented] (AMQ-5147) Secure Websocket Transport causes
HttpsClient handshaking fail
[ https://issues.apache.org/jira/browse/AMQ-5147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14115052#comment-14115052 ]
Piotr Klimczak commented on AMQ-5147:
-------------------------------------
As I understand from your description, your request is more about not setting system properties- to not mess properties in your JVM.
Am I right?
> Secure Websocket Transport causes HttpsClient handshaking fail
> --------------------------------------------------------------
>
> Key: AMQ-5147
> URL: https://issues.apache.org/jira/browse/AMQ-5147
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.7.0, 5.8.0, 5.9.0
> Environment: Windows 7
> Reporter: xianhua liu
> Priority: Critical
> Labels: security
>
> In my Java application, I configured secure websocket transport wss://0.0.0.0:61614 for activemq broker. In the same JVM, there is httpsclient to call web service. During handshaking process I found that the cipher suites in the ClientHello message has only one or two supported cipher suites. See example below:
> *** ClientHello, TLSv1
> RandomCookie: GMT: 1397495018 bytes = { 252, 79, 14, 225, 20, 20, 242, 57, 88, 102, 9, 34, 79, 216, 165, 186, 190, 50, 213, 135, 205, 128, 229, 154, 3, 82, 78, 32 }
> Session ID: {}
> Cipher Suites: [SSL_KRB5_WITH_3DES_EDE_CBC_SHA, SSL_RENEGO_PROTECTION_REQUEST]
> Compression Methods: { 0 }
> ***
> I found in the org.apache.activemq.transport.https.Krb5AndCertsSslSocketConnector class static code to set the system property "https.cipherSuites". The HttpsClient later reads this property to get cipher suites for handshaking message.
> I am not sure if the static code in that class could be removed. It definitely will mess up with the HttpsClient.
--
This message was sent by Atlassian JIRA
(v6.2#6252)