You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Christopher L. Shannon (JIRA)" <ji...@apache.org> on 2015/09/22 16:57:05 UTC
[jira] [Closed] (AMQ-5970) Weak ethereal DH key bug
[ https://issues.apache.org/jira/browse/AMQ-5970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christopher L. Shannon closed AMQ-5970.
---------------------------------------
Resolution: Won't Fix
I don't think it is a good idea to automatically choose a different SSL implementation for a user. The expected behavior is to use the JDK implementation and I think we should stick with the default and document the issue like Apollo does so that if a user runs into a problem they can switch out the implementation if they want. I have added documentation to this page: http://activemq.apache.org/how-do-i-use-ssl.html
> Weak ethereal DH key bug
> ------------------------
>
> Key: AMQ-5970
> URL: https://issues.apache.org/jira/browse/AMQ-5970
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.12.0
> Environment: JDK 1.7.0_79
> Reporter: Laura Mann
> Labels: ssl, ssl3, sslContext, websocket
>
> All modern browser's throw " SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) " when attempting to connect to a secure websocket via activemq. This appears to be related to enabling and disabling the correct cipher suite (though no combination using the transport.enabledCipherSuites=… option seems to work).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)