[jira] [Resolved] (AMQ-4582) Specifying invalid ciphersuite in SSL transport causes all available ciphersuites to be enabled

Thu, 08 Aug 2013 13:29:49 -0700 

     [ 
https://issues.apache.org/jira/browse/AMQ-4582?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Timothy Bish resolved AMQ-4582.
-------------------------------

       Resolution: Fixed
    Fix Version/s: 5.9.0
         Assignee: Timothy Bish

I've patched the problem in the code for now by treating this option as a 
special case just to ensure we don't start up with all suites enabled as that's 
just not good.  We should still look to improve this so that bad options are 
detected and cause things to not start.  
                
> Specifying invalid ciphersuite in SSL transport causes all available 
> ciphersuites to be enabled
> -----------------------------------------------------------------------------------------------
>
>                 Key: AMQ-4582
>                 URL: https://issues.apache.org/jira/browse/AMQ-4582
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.8.0
>         Environment: Linux 3.2.0-41-generic x86_64
>            Reporter: Robert Huffman
>            Assignee: Timothy Bish
>              Labels: security, ssl
>             Fix For: 5.9.0
>
>         Attachments: AMQ-4582.patch
>
>
> If you use an invalid cipher suite in the parameter 
> "transport.enabledCipherSuites" on an SSL transport connector, the broker 
> will start with all ciphers enabled.
> For example, use this transport connector:
>     <transportConnectors>
>       <transportConnector name="ssl" 
> uri="ssl://localhost:61717?needClientAuth=true&amp;transport.enabledCipherSuites=foobar"/>
>     </transportConnectors>
> This is an attempt to enable the ciphersuite "foobar". The broker starts, 
> and, in my environment I end up with 26 cipher suites enabled, 10 of which 
> are generally considered weak.
> Using the debugger I tracked this down to the method 
> org.apache.activemq.util.IntrospectionSupport.setProperty. It uses reflection 
> to invoke SSLServerSocket.setEnabledCipherSuites. That method throws an 
> IllegalArgumentException if the specified ciphersuite is enabled. 
> IntrospectionSupport.setProperty catches the exception and returns false.
> I believe that this code should not be ignoring exceptions like this. This is 
> a major security flaw: if a user is attempting to lock down ActiveMQ to a 
> specific strong cipher suite, but makes a typo, the broker starts with with 
> the ability to use weaker cipher suites.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to