[ https://issues.apache.org/jira/browse/AMQ-6412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15454052#comment-15454052 ]
Timothy Bish commented on AMQ-6412:
-----------------------------------
If you read the documentation linked, you will see that you can configure the
broker-side TransportConnector to enable cipher suites that have become
disabled, most likely due to an update in your JVM which turned them off because
they are considered insecure. If you think that there is a specific comment
that intentionally disabled certain cipher suites broker side and can provide
us with that commit, we can take a look, but I'm not aware of any. If you need
help configuring the broker, the Users mailing list is the place to ask
operational questions.

If you want to get the NMS client to support changing cipher suites, then I'd
recommend opening a JIRA and, better yet, contributing a patch to add the
functionality; contributions are always welcomed.

> NMS fails to connect with ActiveMQ when using ssl://, SSLHandshakeException:
> no cipher suites in common
> -------------------------------------------------------------------------------------------------------
>
> Key: AMQ-6412
> URL: https://issues.apache.org/jira/browse/AMQ-6412
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.14.0
> Environment: Windows 10, JDK 1.8.0_91, Apache.NMS v4.0.30319
> Reporter: James Beamish-White
>
> When trying to connect using Apache NMS, I get the following error:
> ERROR | Could not accept connection from tcp://0:0:0:0:0:0:0:1:55511 :
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
> The exact same Visual Studio NMS project works fine with ActiveMQ 5.13. So it
> seems that the cipher suite configuration in 5.14.x has changed, and no
> longer supports some ciphers that should be acceptable.
> A more detailed log is below:
> {code}
> ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, READ: TLSv1 Handshake,
> length = 120
> ClientHello, TLSv1
> RandomCookie: GMT: 1455911462 bytes = { 25, 121, 104, 48, 195, 62, 217, 29,
> 109, 76, 31, 195, 198, 102, 13, 49, 169, 113, 75, 67, 28, 29, 173, 227, 71,
> 151, 221, 178 }
> Session ID: {}
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_MD5]
> Compression Methods: { 0 }
> Extension server_name, server_name: [type=host_name (0), value=localhost]
> Extension elliptic_curves, curve names: {secp256r1, secp384r1}
> Extension ec_point_formats, formats: [uncompressed]
> Unsupported extension type_35, data:
> Unsupported extension type_23, data:
> Extension renegotiation_info, renegotiated_connection: <empty>
> %% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
> %% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL]
> ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, SEND TLSv1 ALERT: fatal,
> description = handshake_failure
> ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, WRITE: TLSv1 Alert, length
> = 2
> ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, called closeSocket()
> ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, handling exception:
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
> ActiveMQ BrokerService[localhost] Task-1, handling exception:
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
> WARN | Transport Connection to: tcp://0:0:0:0:0:0:0:1:55511 failed:
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
> ActiveMQ Task-1, called close()
> ActiveMQ Task-1, called closeInternal(true)
> ERROR | Could not accept connection from tcp://0:0:0:0:0:0:0:1:55511 :
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
> {code}
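
Before changing the broker's enabled cipher suites, it helps to see exactly what the client offered. The following is an added example (not part of the original issue or of ActiveMQ) that parses the ClientHello from a JSSE debug log like the one quoted above, compares it with an assumed broker list, and separates out the offers built on RC4, 3DES or MD5. `BROKER_ENABLED`, the marker list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the ClientHello lines from the quoted log, still wrapped
# and ">"-prefixed the way the mail notification leaves them.
SAMPLE_LOG = """\
> ClientHello, TLSv1
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_MD5]
> Compression Methods: { 0 }
"""

# Assumption: a broker that enables only these suites (not taken from the issue).
BROKER_ENABLED = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]

# Substrings that mark suites built on broken or absent primitives.
WEAK_MARKERS = ("_RC4_", "_3DES_", "_MD5", "_NULL_", "_anon_", "_EXPORT_")

def norm(suite):
    """JSSE prints older suites with an SSL_ prefix; compare on the TLS_ form."""
    return re.sub(r"^SSL_", "TLS_", suite.strip())

def client_offer(log_text):
    """Return the ClientHello cipher suites, in offer order, from a JSSE debug log."""
    text = re.sub(r"^\s*>\s?", "", log_text, flags=re.M)  # drop mail quoting
    m = re.search(r"Cipher Suites:\s*\[(.*?)\]", text, flags=re.S)
    if not m:
        raise ValueError("no 'Cipher Suites: [...]' list in log")
    return [norm(s) for s in m.group(1).split(",") if s.strip()]

def diagnose(log_text, broker_enabled):
    """Split the client's offer into shared, weak, and remaining suites."""
    offer = client_offer(log_text)
    enabled = {norm(s) for s in broker_enabled}
    weak = [s for s in offer if any(k in s for k in WEAK_MARKERS)]
    return {
        "common": [s for s in offer if s in enabled],  # empty => handshake_failure
        "weak_offered": weak,                          # do not re-enable for these
        "unflagged_offered": [s for s in offer if s not in weak and s not in enabled],
    }

if __name__ == "__main__":
    for key, suites in diagnose(SAMPLE_LOG, BROKER_ENABLED).items():
        print(f"{key}: {suites or 'none'}")
```

An empty `common` list corresponds to the `no cipher suites in common` alert in the log. The `unflagged_offered` list only means no weak marker matched; it is not an endorsement of those suites.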