You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by bu...@apache.org on 2018/09/10 11:25:28 UTC
svn commit: r1034940 - in /websites/production/activemq/content:
activemq-5155-release.html cache/main.pageCache ssl-transport-reference.html
Author: buildbot
Date: Mon Sep 10 11:25:28 2018
New Revision: 1034940
Log:
Production update by buildbot for activemq
Modified:
websites/production/activemq/content/activemq-5155-release.html
websites/production/activemq/content/cache/main.pageCache
websites/production/activemq/content/ssl-transport-reference.html
Modified: websites/production/activemq/content/activemq-5155-release.html
==============================================================================
--- websites/production/activemq/content/activemq-5155-release.html (original)
+++ websites/production/activemq/content/activemq-5155-release.html Mon Sep 10 11:25:28 2018
@@ -82,10 +82,7 @@
<tbody>
<tr>
<td valign="top" width="100%">
-<div class="wiki-content maincontent"><p><br clear="none"></p><div style="padding-right:20px;float:left;margin-left:-20px;"><p><br clear="none"></p></div>
-
-
-<p><br clear="none"></p><p> </p><h2 id="ActiveMQ5.15.5Release-ActiveMQ5.15.5Release">ActiveMQ 5.15.5 Release</h2><p>Apache ActiveMQ 5.15.5 includes several resolved<a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12343307"> issues</a> and bug fixes.</p><h3 id="ActiveMQ5.15.5Release-GettingtheBinaryDistributions">Getting the Binary Distributions</h3><div class="table-wrap"><table class="confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Download Link</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p><em>Verify</em></p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Windows Distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http
://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.5/apache-activemq-5.15.5-bin.zip&action=download">apache-activemq-5.15.5-bin.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/activemq/5.15.5/apache-activemq-5.15.5-bin.zip.asc">ASC</a>, <a shape="rect" class="external-link" href="https://www.apache.org/dist/activemq/5.15.5/apache-activemq-5.15.5-bin.zip.sha512">SHA512</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Unix/Linux/Cygwin Distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.5/apache-activemq-5.15.5-bin.tar.gz&action=download">apache-activemq-5.15.5-bin.tar.gz</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/activemq/5.15.5/apache-activ
emq-5.15.5-bin.tar.gz.asc">ASC</a>, <a shape="rect" class="external-link" href="https://www.apache.org/dist/activemq/5.15.5/apache-activemq-5.15.5-bin.tar.gz.sha512">SHA512</a></p></td></tr></tbody></table></div><p></p><h2 id="ActiveMQ5.15.5Release-VerifytheIntegrityofDownloads">Verify the Integrity of Downloads</h2><p>It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures. The PGP signatures can be verified using PGP or GPG. Begin by following these steps:</p><ol><li>Download the <a shape="rect" class="external-link" href="http://www.apache.org/dist/activemq/KEYS">KEYS</a></li><li>Download the asc signature file for the relevant distribution</li><li><p>Verify the signatures using the following commands, depending on your use of PGP or GPG:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<div class="wiki-content maincontent"><h2 id="ActiveMQ5.15.5Release-ActiveMQ5.15.5Release">ActiveMQ 5.15.5 Release</h2><p>Apache ActiveMQ 5.15.5 includes several resolved<a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12343307"> issues</a> and bug fixes.</p><h3 id="ActiveMQ5.15.5Release-GettingtheBinaryDistributions">Getting the Binary Distributions</h3><div class="table-wrap"><table class="confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Download Link</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p><em>Verify</em></p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Windows Distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="htt
p://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.5/apache-activemq-5.15.5-bin.zip&action=download">apache-activemq-5.15.5-bin.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/activemq/5.15.5/apache-activemq-5.15.5-bin.zip.asc">ASC</a>, <a shape="rect" class="external-link" href="https://www.apache.org/dist/activemq/5.15.5/apache-activemq-5.15.5-bin.zip.sha512">SHA512</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Unix/Linux/Cygwin Distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.5/apache-activemq-5.15.5-bin.tar.gz&action=download">apache-activemq-5.15.5-bin.tar.gz</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/activemq/5.15.5/apache-acti
vemq-5.15.5-bin.tar.gz.asc">ASC</a>, <a shape="rect" class="external-link" href="https://www.apache.org/dist/activemq/5.15.5/apache-activemq-5.15.5-bin.tar.gz.sha512">SHA512</a></p></td></tr></tbody></table></div><p></p><h2 id="ActiveMQ5.15.5Release-VerifytheIntegrityofDownloads">Verify the Integrity of Downloads</h2><p>It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures. The PGP signatures can be verified using PGP or GPG. Begin by following these steps:</p><ol><li>Download the <a shape="rect" class="external-link" href="http://www.apache.org/dist/activemq/KEYS">KEYS</a></li><li>Download the asc signature file for the relevant distribution</li><li><p>Verify the signatures using the following commands, depending on your use of PGP or GPG:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default">$ pgpk -a KEYS
$ pgpv apache-activemq-<version>-bin.tar.gz.asc
</pre>
Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/activemq/content/ssl-transport-reference.html
==============================================================================
--- websites/production/activemq/content/ssl-transport-reference.html (original)
+++ websites/production/activemq/content/ssl-transport-reference.html Mon Sep 10 11:25:28 2018
@@ -90,7 +90,7 @@
ssl://localhost:61616?transport.needClientAuth=true
</pre>
</div></div><p> </p><h4 id="SSLTransportReference-Clientconfiguration">Client configuration</h4><p>JMS clients can simply use the <a shape="rect" class="external-link" href="http://activemq.apache.org/maven/5.9.0/apidocs/org/apache/activemq/ActiveMQSslConnectionFactory.html">ActiveMQSslConnectionFactory</a> together with an ssl:// broker url as the following Spring configuration illustrates</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
+<pre class="brush: java; gutter: false; theme: Default">
<bean id="AMQJMSConnectionFactory" class="org.apache.activemq.ActiveMQSslConnectionFactory">
<property name="trustStore" value="/path/to/truststore.ts" />
<property name="trustStorePassword" value="password" />
@@ -101,11 +101,17 @@ ssl://localhost:61616?transport.needClie
<property name="password" value="admin" />
</bean>
</pre>
-</div></div><p>Unless the broker's SSL transport is configured for transport.needClientAuth=true, the client won't need a keystore but requires a truststore in order to validate the broker's certificate.</p><p>Similar to the broker transport configuration you can pass on SSL transport options using <strong>?socket.XXX</strong>, such as</p><pre>ssl://localhost:61616?socket.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</pre><h4 id="SSLTransportReference-OtherLinks">Other Links</h4><ul><li><a shape="rect" href="how-do-i-use-ssl.html">How do I use SSL</a></li></ul><p>You can also turn on SSL debug informations this way by adding:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">-Djavax.net.debug=ssl
+</div></div><p>Unless the broker's SSL transport is configured for transport.needClientAuth=true, the client won't need a keystore but requires a truststore in order to validate the broker's certificate.</p><p>Similar to the broker transport configuration you can pass on SSL transport options using <strong>?socket.XXX</strong>, such as</p><pre>ssl://localhost:61616?socket.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</pre><h4 id="SSLTransportReference-HostnameValidation(Startingwithversion5.15.6)">Hostname Validation (Starting with version 5.15.6)</h4><p>From version 5.15.6 ActiveMQ now supports TLS Hostname validation.  This has been enabled by default for the ActiveMQ client and is off by default on the broker.  To configure:</p><h4 id="SSLTransportReference-Serversideconfigurationofhostnamevalidation">Server side configuration of hostname validation</h4><p>The default for the server side is to <strong>disable</strong> Hostname validation
and this can be configured with <strong>?transport.verifyHostName</strong>.  This is only relevant for 2-way SSL and will cause the client's CN of their certificate to be compared to their hostname to verify they match.</p><p>Example for how to enable on server side if desired:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent">
+<pre>ssl://localhost:61616?transport.verifyHostName=true
+</pre>
+</div></div><h4 id="SSLTransportReference-Clientsideconfigurationofhostnamevalidation"><br clear="none">Client side configuration of hostname validation</h4><p>The default for the ActiveMQ client is to <strong>enable</strong> Hostname validation and this can be configured with <strong>?socket.verifyHostName</strong>.  This will cause the CN of the server certificate to be compared to the server hostname to verify they match.</p><p>Example to disable:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent">
+<pre>ssl://localhost:61616?socket.verifyHostName=false
+</pre>
+</div></div><p><br clear="none"></p><h4 id="SSLTransportReference-OtherLinks">Other Links</h4><ul><li><a shape="rect" href="how-do-i-use-ssl.html">How do I use SSL</a></li></ul><p>You can also turn on SSL debug informations this way by adding:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default">-Djavax.net.debug=ssl
</pre>
</div></div><p>this way you can see what goes wrong and why you get connections closed.</p><div class="confluence-information-macro confluence-information-macro-warning"><p class="title">"Be careful with multicast discovery"</p><span class="aui-icon aui-icon-small aui-iconfont-error confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>If your XML configuration file contains the following and you wish to use SSL</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;"> <networkConnector uri="multicast://default"/>
+<pre class="brush: java; gutter: false; theme: Default"> <networkConnector uri="multicast://default"/>
</pre>
</div></div><p>Then you will currently need to comment that out.<br clear="none"> The reason is to prevent ActiveMQ atempting to connect to itself - if you do this with a self-signed<br clear="none"> certificate, you will get a constant spam of certificate_unknown<br clear="none"> stacktraces to the console, as the broker is not configured with the<br clear="none"> truststore,</p></div></div></div>
</td>