...
The configuration options from TCP are relevant.
Example URI
ssl://localhost:61616?trace=false
...
From version 5.4 any SSLServerSocket option may be set on a TransportConnection via ?transport.XXX, for example:
ssl://localhost:61616?transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
ssl://localhost:61616?transport.needClientAuth=true
On the client side you can pass similar options using ?socket.XXX, such as:
ssl://localhost:61616?socket.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
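An added example, not part of the ActiveMQ documentation: a Python check that parses ssl:// transport URIs like the ones above and reports any suite named in transport.enabledCipherSuites or socket.enabledCipherSuites that is anonymous, unencrypted, or built on RC4, DES or 3DES (both suites in the sample URIs above fall in that group), along with whether transport.needClientAuth is set. The marker list and the name audit_ssl_uri are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qsl

# Name fragments that mark a JSSE suite as unauthenticated, unencrypted or
# built on a broken/legacy cipher. The list is this example's own choice.
WEAK_MARKERS = {
    "_anon_": "no peer authentication",
    "_NULL_": "no encryption",
    "_EXPORT_": "export-grade key length",
    "_RC4_": "RC4 stream cipher",
    "_DES_": "single DES",
    "_3DES_": "3DES, 64-bit block",
}
SUITE_OPTIONS = ("transport.enabledCipherSuites", "socket.enabledCipherSuites")


def audit_ssl_uri(uri):
    """Audit one ActiveMQ ssl:// URI (hypothetical helper); returns findings."""
    parts = urlsplit(uri)
    if parts.scheme != "ssl":
        raise ValueError(f"not an ssl:// transport URI: {uri!r}")
    opts = dict(parse_qsl(parts.query, keep_blank_values=True))
    weak = {}
    pinned = False
    for name in SUITE_OPTIONS:
        for suite in opts.get(name, "").split(","):
            suite = suite.strip()
            if not suite:
                continue
            pinned = True
            reasons = [why for frag, why in WEAK_MARKERS.items() if frag in suite]
            if reasons:
                weak[suite] = reasons
    client_auth = opts.get("transport.needClientAuth", "false").lower() == "true"
    return {
        "endpoint": parts.netloc,
        "suites_pinned": pinned,  # False: the JVM's default suite list applies
        "weak_suites": weak,
        "need_client_auth": client_auth,
    }


# Constructed sample input: the broker-side URIs shown on this page.
SAMPLE_URIS = [
    "ssl://localhost:61616?trace=false",
    "ssl://localhost:61616?transport.enabledCipherSuites="
    "SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "ssl://localhost:61616?transport.needClientAuth=true",
]

if __name__ == "__main__":
    for u in SAMPLE_URIS:
        print(audit_ssl_uri(u))
```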
Client configuration
JMS clients can simply use the ActiveMQSslConnectionFactory together with an ssl:// broker URL, as the following Spring configuration illustrates:
...
You can also turn on SSL debug information by adding:
-Djavax.net.debug=ssl
This way you can see what goes wrong and why connections are being closed.
Warning: Be careful with multicast discovery
If your XML configuration file contains the following and you wish to use SSL
<networkConnector uri="multicast://default"/>
then you will currently need to comment that out. The reason is to prevent ActiveMQ attempting to connect to itself - if you do this with a self-signed certificate, you will get a constant spam of certificate_unknown stacktraces to the console, as the broker is not configured with the truststore,