You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by mrh <mr...@gmail.com> on 2009/02/11 18:28:24 UTC
How to specify SSL Ciphers
According to JSSE, it is possible to specify cipher suites in the SSLSocket
class:
http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html
Is it possible in the ActiveMQConnectionFactory to access this property so
that we can set the cipher suites for communication with the broker?
Maybe in the transport options of the URI (for example:
ssl://localhost:port?enabledCipherSuites=...")?
Or in the ActiveMQ.xml file?
Or, even the SSL_OPTS property?
I'm still trying to understand the Introspection and was curious if this is
possible?
Thanks,
mrh
--
View this message in context: http://www.nabble.com/How-to-specify-SSL-Ciphers-tp21958278p21958278.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: How to specify SSL Ciphers
Posted by mrh <mr...@gmail.com>.
"&socket.enabledCipherSuites=..." does not seem to be working.
Am I doing something wrong?
Also, I can't seem to use the SSLTransportFactory class (which has a
"compositeConfigure" method) in conjunction with the ActiveMQConnection
class.
Any assistance is greatly appreciated.
-mrh
mrh wrote:
>
> According to JSSE, it is possible to specify cipher suites in the
> SSLSocket class:
>
> http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html
>
> Is it possible in the ActiveMQConnectionFactory to access this property so
> that we can set the cipher suites for communication with the broker?
>
> Maybe in the transport options of the URI (for example:
> ssl://localhost:port?enabledCipherSuites=...")?
> Or in the ActiveMQ.xml file?
> Or, even the SSL_OPTS property?
>
> I'm still trying to understand the Introspection and was curious if this
> is possible?
>
> Thanks,
> mrh
>
--
View this message in context: http://www.nabble.com/How-to-specify-SSL-Ciphers-tp21958278p21981427.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: How to specify SSL Ciphers
Posted by Dejan Bosanac <de...@nighttale.net>.
Hi Hans,
this is not supported yet. I just filed an enhancement request
https://issues.apache.org/activemq/browse/AMQ-2127
Cheers
--
Dejan Bosanac
Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net
On Thu, Feb 19, 2009 at 3:02 AM, ihanslee <ha...@hotmail.com> wrote:
>
> Dejan,
>
> Thanks for the quick reply. I tried socket.enabledCipherSuites in the
> transport url (ssl://localhost:port?socket.enabledCipherSuites=..."), it
> does not work. I tried to set it in the SSL_OPTS, didn't work either.
>
> Can you be more specific on how to add <sslParameters> to <sslContext>
> configuration?
>
> now my config for sslContext is
> e.g.
> <sslContext>
> <sslContext keyStore="file:${activemq.base}/conf/mykeystore.ks"
> keyStorePassword="mykspw"
> trustStore="file:${activemq.base}/conf/mytruststore"
> trustStorePassword="mytspw"/>
> </sslContext>
>
> Don't know how to add it exactly.
>
> Thanks.
> Hans
>
>
> Dejan Bosanac wrote:
> >
> > Hi,
> >
> > can you try socket.enabledCipherSuites parameter, but I'm not sure how
> > Introspection support works for String[]? The other option would be to
> add
> > <sslParameters> to <sslContext> configuration.
> >
> > Cheers
> > --
> > Dejan Bosanac
> >
> > Open Source Integration - http://fusesource.com/
> > ActiveMQ in Action - http://www.manning.com/snyder/
> > Blog - http://www.nighttale.net
> >
> >
> > On Wed, Feb 18, 2009 at 3:28 AM, ihanslee <ha...@hotmail.com> wrote:
> >
> >>
> >> does anyone get an answer to this? much Thanks in advance.
> >>
> >> Thanks,
> >> Hans
> >>
> >>
> >> mrh wrote:
> >> >
> >> > According to JSSE, it is possible to specify cipher suites in the
> >> > SSLSocket class:
> >> >
> >> > http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html
> >> >
> >> > Is it possible in the ActiveMQConnectionFactory to access this
> property
> >> so
> >> > that we can set the cipher suites for communication with the broker?
> >> >
> >> > Maybe in the transport options of the URI (for example:
> >> > ssl://localhost:port?enabledCipherSuites=...")?
> >> > Or in the ActiveMQ.xml file?
> >> > Or, even the SSL_OPTS property?
> >> >
> >> > I'm still trying to understand the Introspection and was curious if
> >> this
> >> > is possible?
> >> >
> >> > Thanks,
> >> > mrh
> >> >
> >>
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/How-to-specify-SSL-Ciphers-tp21958278p22070952.html
> >> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
> >>
> >>
> >
> >
> > -----
> > Dejan Bosanac
> >
> > Open Source Integration - http://fusesource.com/
> > ActiveMQ in Action - http://www.manning.com/snyder/
> > Blog - http://www.nighttale.net
> >
>
> --
> View this message in context:
> http://www.nabble.com/How-to-specify-SSL-Ciphers-tp21958278p22092628.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>
Re: How to specify SSL Ciphers
Posted by ihanslee <ha...@hotmail.com>.
Dejan,
Thanks for the quick reply. I tried socket.enabledCipherSuites in the
transport url (ssl://localhost:port?socket.enabledCipherSuites=..."), it
does not work. I tried to set it in the SSL_OPTS, didn't work either.
Can you be more specific on how to add <sslParameters> to <sslContext>
configuration?
now my config for sslContext is
e.g.
<sslContext>
<sslContext keyStore="file:${activemq.base}/conf/mykeystore.ks"
keyStorePassword="mykspw"
trustStore="file:${activemq.base}/conf/mytruststore"
trustStorePassword="mytspw"/>
</sslContext>
Don't know how to add it exactly.
Thanks.
Hans
Dejan Bosanac wrote:
>
> Hi,
>
> can you try socket.enabledCipherSuites parameter, but I'm not sure how
> Introspection support works for String[]? The other option would be to add
> <sslParameters> to <sslContext> configuration.
>
> Cheers
> --
> Dejan Bosanac
>
> Open Source Integration - http://fusesource.com/
> ActiveMQ in Action - http://www.manning.com/snyder/
> Blog - http://www.nighttale.net
>
>
> On Wed, Feb 18, 2009 at 3:28 AM, ihanslee <ha...@hotmail.com> wrote:
>
>>
>> does anyone get an answer to this? much Thanks in advance.
>>
>> Thanks,
>> Hans
>>
>>
>> mrh wrote:
>> >
>> > According to JSSE, it is possible to specify cipher suites in the
>> > SSLSocket class:
>> >
>> > http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html
>> >
>> > Is it possible in the ActiveMQConnectionFactory to access this property
>> so
>> > that we can set the cipher suites for communication with the broker?
>> >
>> > Maybe in the transport options of the URI (for example:
>> > ssl://localhost:port?enabledCipherSuites=...")?
>> > Or in the ActiveMQ.xml file?
>> > Or, even the SSL_OPTS property?
>> >
>> > I'm still trying to understand the Introspection and was curious if
>> this
>> > is possible?
>> >
>> > Thanks,
>> > mrh
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/How-to-specify-SSL-Ciphers-tp21958278p22070952.html
>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>
>>
>
>
> -----
> Dejan Bosanac
>
> Open Source Integration - http://fusesource.com/
> ActiveMQ in Action - http://www.manning.com/snyder/
> Blog - http://www.nighttale.net
>
--
View this message in context: http://www.nabble.com/How-to-specify-SSL-Ciphers-tp21958278p22092628.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: How to specify SSL Ciphers
Posted by Dejan Bosanac <de...@nighttale.net>.
Hi,
can you try socket.enabledCipherSuites parameter, but I'm not sure how
Introspection support works for String[]? The other option would be to add
<sslParameters> to <sslContext> configuration.
Cheers
--
Dejan Bosanac
Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net
On Wed, Feb 18, 2009 at 3:28 AM, ihanslee <ha...@hotmail.com> wrote:
>
> does anyone get an answer to this? much Thanks in advance.
>
> Thanks,
> Hans
>
>
> mrh wrote:
> >
> > According to JSSE, it is possible to specify cipher suites in the
> > SSLSocket class:
> >
> > http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html
> >
> > Is it possible in the ActiveMQConnectionFactory to access this property
> so
> > that we can set the cipher suites for communication with the broker?
> >
> > Maybe in the transport options of the URI (for example:
> > ssl://localhost:port?enabledCipherSuites=...")?
> > Or in the ActiveMQ.xml file?
> > Or, even the SSL_OPTS property?
> >
> > I'm still trying to understand the Introspection and was curious if this
> > is possible?
> >
> > Thanks,
> > mrh
> >
>
> --
> View this message in context:
> http://www.nabble.com/How-to-specify-SSL-Ciphers-tp21958278p22070952.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>
Re: How to specify SSL Ciphers
Posted by ihanslee <ha...@hotmail.com>.
does anyone get an answer to this? much Thanks in advance.
Thanks,
Hans
mrh wrote:
>
> According to JSSE, it is possible to specify cipher suites in the
> SSLSocket class:
>
> http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html
>
> Is it possible in the ActiveMQConnectionFactory to access this property so
> that we can set the cipher suites for communication with the broker?
>
> Maybe in the transport options of the URI (for example:
> ssl://localhost:port?enabledCipherSuites=...")?
> Or in the ActiveMQ.xml file?
> Or, even the SSL_OPTS property?
>
> I'm still trying to understand the Introspection and was curious if this
> is possible?
>
> Thanks,
> mrh
>
--
View this message in context: http://www.nabble.com/How-to-specify-SSL-Ciphers-tp21958278p22070952.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.