[
https://issues.apache.org/jira/browse/ARTEMIS-576?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Justin Bertram closed ARTEMIS-576.
----------------------------------
Resolution: Not A Problem
Assignee: Justin Bertram
The log message here was moved from WARN down to INFO via ARTEMIS-563.
Also, the message here indicates that the default protocols from the JVM are
vulnerable and Artemis is taking action to remove the vulnerable protocol in
order to be safe.
> Artemis should use safe SSL defaults
> ------------------------------------
>
> Key: ARTEMIS-576
> URL: https://issues.apache.org/jira/browse/ARTEMIS-576
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Reporter: Lionel Cons
> Assignee: Justin Bertram
>
> Enabling SSL with the default options, Artemis logs a warning:
> {code}
> 2016-06-20 08:43:18,253 [org.apache.activemq.artemis.core.server] WARN
> AMQ222190: Disallowing use of vulnerable protocol: SSLv2Hello. See
> http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html
> for more details.
> {code}
> With default options (here {{enabledProtocols}} is not set), Artemis should
> be safe and silent (= no warnings). So the default list of protocols should
> not include {{SSLv2Hello}}.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
