[
https://issues.apache.org/jira/browse/AMQ-5970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christopher L. Shannon closed AMQ-5970.
---------------------------------------
Resolution: Won't Fix
I don't think it is a good idea to automatically choose a different SSL
implementation for a user. The expected behavior is to use the JDK
implementation and I think we should stick with the default and document the
issue like Apollo does so that if a user runs into a problem they can switch
out the implementation if they want. I have added documentation to this page:
http://activemq.apache.org/how-do-i-use-ssl.html
> Weak ethereal DH key bug
> ------------------------
>
> Key: AMQ-5970
> URL: https://issues.apache.org/jira/browse/AMQ-5970
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.12.0
> Environment: JDK 1.7.0_79
> Reporter: Laura Mann
> Labels: ssl, ssl3, sslContext, websocket
>
> All modern browser's throw " SSL received a weak ephemeral Diffie-Hellman key
> in Server Key Exchange handshake message. (Error code:
> ssl_error_weak_server_ephemeral_dh_key) " when attempting to connect to a
> secure websocket via activemq. This appears to be related to enabling and
> disabling the correct cipher suite (though no combination using the
> transport.enabledCipherSuites=… option seems to work).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
