Robert Huffman created AMQ-4582:
-----------------------------------
Summary: Specifying invalid ciphersuite in SSL transport causes
all available ciphersuites to be enabled
Key: AMQ-4582
URL: https://issues.apache.org/jira/browse/AMQ-4582
Project: ActiveMQ
Issue Type: Bug
Components: Broker
Affects Versions: 5.8.0
Environment: Linux 3.2.0-41-generic x86_64
Reporter: Robert Huffman
If you use an invalid cipher suite in the parameter
"transport.enabledCipherSuites" on an SSL transport connector, the broker will
start with all ciphers enabled.
For example, use this transport connector:
<transportConnectors>
<transportConnector name="ssl"
uri="ssl://localhost:61717?needClientAuth=true&transport.enabledCipherSuites=foobar"/>
</transportConnectors>
This is an attempt to enable the ciphersuite "foobar". The broker starts, and,
in my environment I end up with 26 cipher suites enabled, 10 of which are
generally considered weak.
Using the debugger I tracked this down to the method
org.apache.activemq.util.IntrospectionSupport.setProperty. It uses reflection
to invoke SSLServerSocket.setEnabledCipherSuites. That method throws an
IllegalArgumentException if the specified ciphersuite is enabled.
IntrospectionSupport.setProperty catches the exception and returns false.
I believe that this code should not be ignoring exceptions like this. This is a
major security flaw: if a user is attempting to lock down ActiveMQ to a
specific strong cipher suite, but makes a typo, the broker starts with with the
ability to use weaker cipher suites.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
