xianhua liu created AMQ-5147:
--------------------------------
Summary: Secure Websocket Transport causes HttpsClient handshaking
fail
Key: AMQ-5147
URL: https://issues.apache.org/jira/browse/AMQ-5147
Project: ActiveMQ
Issue Type: Bug
Components: Broker
Affects Versions: 5.9.0, 5.8.0, 5.7.0
Environment: Windows 7
Reporter: xianhua liu
Priority: Critical
In my Java application, I configured secure websocket transport
wss://0.0.0.0:61614 for activemq broker. In the same JVM, there is httpsclient
to call web service. During handshaking process I found that the cipher suites
in the ClientHello message has only one or two supported cipher suites. See
example below:
*** ClientHello, TLSv1
RandomCookie: GMT: 1397495018 bytes = { 252, 79, 14, 225, 20, 20, 242, 57, 88,
102, 9, 34, 79, 216, 165, 186, 190, 50, 213, 135, 205, 128, 229, 154, 3, 82,
78, 32 }
Session ID: {}
Cipher Suites: [SSL_KRB5_WITH_3DES_EDE_CBC_SHA, SSL_RENEGO_PROTECTION_REQUEST]
Compression Methods: { 0 }
***
I found in the
org.apache.activemq.transport.https.Krb5AndCertsSslSocketConnector class static
code to set the system property "https.cipherSuites". The HttpsClient later
reads this property to get cipher suites for handshaking message.
I am not sure if the static code in that class could be removed. It definitely
will mess up with the HttpsClient.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
