Posted to issues@activemq.apache.org by "James Beamish-White (JIRA)" <ji...@apache.org> on 2016/09/01 01:21:20 UTC

[jira] [Comment Edited] (AMQ-6412) NMS fails to connect with ActiveMQ when using ssl://, SSLHandshakeException: no cipher suites in common

    [ https://issues.apache.org/jira/browse/AMQ-6412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15453947#comment-15453947 ] 

James Beamish-White edited comment on AMQ-6412 at 9/1/16 1:21 AM:
------------------------------------------------------------------

As noted in https://access.redhat.com/solutions/1165803, NMS does not support configuring the cipher suites on the client side. If you attempt it, it gives the following error:

{code}
Apache.NMS.NMSException: Invalid Uri parameter: transport.acceptInvalidBrokerCert=true,transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
   at Apache.NMS.Util.URISupport.ParseQuery(String query) in c:\dev\NMS\src\main\csharp\Util\URISupport.cs:line 84
   at Apache.NMS.ActiveMQ.ConnectionFactory.set_BrokerUri(Uri value) in c:\dev\NMS.ActiveMQ\src\main\csharp\ConnectionFactory.cs:line 205
   at Apache.NMS.ActiveMQ.ConnectionFactory..ctor(Uri brokerUri, String clientID) in c:\dev\NMS.ActiveMQ\src\main\csharp\ConnectionFactory.cs:line 104
   at Apache.NMS.ActiveMQ.ConnectionFactory..ctor(String brokerUri) in c:\dev\NMS.ActiveMQ\src\main\csharp\ConnectionFactory.cs:line 89
   at ActiveMQPOC.QueuePublisher..ctor(String queueName, String brokerUri, String clientId, String consumerId) in C:\TFS\code\ActiveMQPOC\ActiveMQPOC\ActiveMQPOC.cs:line 129
Press any key to exit...
{code}

So how can the ActiveMQ server be updated to change their cipher suites? As noted, this is a change between ActiveMQ 5.13 and 5.14, so should be fixable on the server side.


was (Author: jimmydix):
As noted in https://access.redhat.com/solutions/1165803, NMS does not support configuring the cipher suites on the client side. So how can the ActiveMQ server be updated to change their cipher suites?

As noted, this is a change between ActiveMQ 5.13 and 5.14, so should be fixable on the server side.

> NMS fails to connect with ActiveMQ when using ssl://, SSLHandshakeException: no cipher suites in common
> -------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-6412
>                 URL: https://issues.apache.org/jira/browse/AMQ-6412
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.14.0
>         Environment: Windows 10, JDK 1.8.0_91, Apache.NMS v4.0.30319
>            Reporter: James Beamish-White
>
> When trying to connect using Apache NMS, I get the following error:
> ERROR | Could not accept connection from tcp://0:0:0:0:0:0:0:1:55511 : javax.net.ssl.SSLHandshakeException: no cipher suites in common
> The exact same Visual Studio NMS project works fine with ActiveMQ 5.13. So it seems that the cipher suite configuration in 5.14.x has changed, and no longer supports some ciphers that should be acceptable.
> A more detailed log is below:
> {code}
> ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, READ: TLSv1 Handshake, length = 120
> ClientHello, TLSv1
> RandomCookie:  GMT: 1455911462 bytes = { 25, 121, 104, 48, 195, 62, 217, 29, 109, 76, 31, 195, 198, 102, 13, 49, 169, 113, 75, 67, 28, 29, 173, 227, 71, 151, 221, 178 }
> Session ID:  {}
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
> Compression Methods:  { 0 }
> Extension server_name, server_name: [type=host_name (0), value=localhost]
> Extension elliptic_curves, curve names: {secp256r1, secp384r1}
> Extension ec_point_formats, formats: [uncompressed]
> Unsupported extension type_35, data:
> Unsupported extension type_23, data:
> Extension renegotiation_info, renegotiated_connection: <empty>
> %% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
> %% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]
> ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, SEND TLSv1 ALERT:  fatal, description = handshake_failure
> ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, WRITE: TLSv1 Alert, length = 2
> ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, called closeSocket()
> ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
> ActiveMQ BrokerService[localhost] Task-1, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
>  WARN | Transport Connection to: tcp://0:0:0:0:0:0:0:1:55511 failed: javax.net.ssl.SSLHandshakeException: no cipher suites in common
> ActiveMQ Task-1, called close()
> ActiveMQ Task-1, called closeInternal(true)
> ERROR | Could not accept connection from tcp://0:0:0:0:0:0:0:1:55511 : javax.net.ssl.SSLHandshakeException: no cipher suites in common
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
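
A way to check the server side of this failure, added here as an example (not part of the original message, and not ActiveMQ or NMS code): it takes the ClientHello cipher list from the debug log above and classifies each offered suite against the default-enabled and supported suites of the JVM it runs on. It assumes the broker uses its JVM's default cipher list with no override in the broker configuration, and should be run with the same JDK as the broker; the class name `CipherOverlap` is hypothetical.

```java
import java.nio.file.*;
import java.util.*;
import java.util.regex.*;
import javax.net.ssl.*;

public class CipherOverlap {
    // Pull the suite names out of a javax.net.debug "Cipher Suites: [...]" line.
    static List<String> offered(String log) {
        Matcher m = Pattern.compile("Cipher Suites:\\s*\\[([^\\]]*)\\]").matcher(log);
        if (!m.find()) throw new IllegalArgumentException("no ClientHello cipher list in input");
        List<String> out = new ArrayList<>();
        for (String s : m.group(1).split(",")) if (!s.trim().isEmpty()) out.add(s.trim());
        return out;
    }

    // Classify one offered suite against this JVM's enabled and supported sets.
    static String classify(String suite, Set<String> enabled, Set<String> supported) {
        if (enabled.contains(suite)) return "ENABLED";
        return supported.contains(suite) ? "SUPPORTED_BUT_DISABLED" : "UNSUPPORTED";
    }

    public static void main(String[] args) throws Exception {
        // Default input: the ClientHello line copied from the debug log in this issue.
        // Pass a path to a javax.net.debug log as the first argument to use that instead.
        String log = "Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "
            + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "
            + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "
            + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, "
            + "TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, "
            + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, "
            + "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, "
            + "SSL_RSA_WITH_RC4_128_MD5]";
        if (args.length > 0) log = new String(Files.readAllBytes(Paths.get(args[0])));

        SSLContext ctx = SSLContext.getDefault();
        Set<String> enabled = new HashSet<>(
            Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));
        Set<String> supported = new HashSet<>(
            Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));

        int shared = 0;
        for (String suite : offered(log)) {  // client preference order is kept
            String state = classify(suite, enabled, supported);
            if (state.equals("ENABLED")) shared++;
            System.out.printf("%-24s %s%n", state, suite);
        }
        System.out.println(shared == 0
            ? "No offered suite is enabled by default in this JVM."
            : shared + " offered suite(s) are enabled by default in this JVM.");
    }
}
```

If the count is above zero, the JVM defaults are not what excludes the client's offer, and the broker's own TLS settings and keystore are the next things to compare between 5.13 and 5.14.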