You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Christopher L. Shannon (JIRA)" <ji...@apache.org> on 2015/09/22 16:57:05 UTC

[jira] [Closed] (AMQ-5970) Weak ethereal DH key bug

     [ https://issues.apache.org/jira/browse/AMQ-5970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christopher L. Shannon closed AMQ-5970.
---------------------------------------
    Resolution: Won't Fix

I don't think it is a good idea to automatically choose a different SSL implementation for a user.  The expected behavior is to use the JDK  implementation and I think we should stick with the default and document the issue like Apollo does so that if a user runs into a problem they can switch out the implementation if they want. I have added documentation to this page: http://activemq.apache.org/how-do-i-use-ssl.html

> Weak ethereal DH key bug
> ------------------------
>
>                 Key: AMQ-5970
>                 URL: https://issues.apache.org/jira/browse/AMQ-5970
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.12.0
>         Environment: JDK 1.7.0_79
>            Reporter: Laura Mann
>              Labels: ssl, ssl3, sslContext, websocket
>
> All modern browser's throw " SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) " when attempting to connect to a secure websocket via activemq.  This appears to be related to enabling and disabling the correct cipher suite (though no combination using the transport.enabledCipherSuites=… option seems to work).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)