You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Ulf Lilleengen (JIRA)" <ji...@apache.org> on 2018/06/11 14:39:00 UTC

[jira] [Created] (DISPATCH-1028) requireSsl:true not working for http listeners

Ulf Lilleengen created DISPATCH-1028:
----------------------------------------

             Summary: requireSsl:true not working for http listeners
                 Key: DISPATCH-1028
                 URL: https://issues.apache.org/jira/browse/DISPATCH-1028
             Project: Qpid Dispatch
          Issue Type: Bug
            Reporter: Ulf Lilleengen


With the following router config, a client will be rejected even if it is connecting using TLS. The wireshark trace indicates that the TLS handshake completes successfully, but the router closes the connection and prints in the log 'amqp:connection:policy-error Client connection unencrypted - forbidden'.

 

If i set requireSsl: false , the client is able to connect both with and without TLS.

 
{code:java}

router {
mode: standalone
id: Router.A
}

sslProfile {
name: ssl_details
certFile: /etc/qpid-dispatch/tls.crt
privateKeyFile: /etc/qpid-dispatch/tls.key
}

listener {
host: 127.0.0.1
port: 8443
http: true
sslProfile: ssl_details
requireSsl: true
}

address {
prefix: q1
}
{code}
 

Example client:
{code:java}
sudo npm install -g cli-rhea
cli-rhea-sender --broker 127.0.0.1:8443 --address q1 --count 1 --conn-web-socket true --conn-ws-protocols binary --log-lib TRANSPORT_FRM{code}
 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org