[jira] [Closed] (ARTEMIS-2794) Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor 'artemis' in redhat mq 7.6

Mon, 08 Jun 2020 06:23:12 -0700 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-2794?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Bertram closed ARTEMIS-2794.
-----------------------------------
    Resolution: Not A Bug

> Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor 'artemis' in 
> redhat mq 7.6
> ------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-2794
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2794
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: JMX, OpenWire
>    Affects Versions: 2.11.0
>         Environment: Pre-prod,SIT
>            Reporter: Aman Verma
>            Priority: Major
>             Fix For: 2.11.0
>
>         Attachments: master_broker, slave_broker
>
>
> I am getting below error while implementing HA over ssl enabled acceptors in 
> both master and slave.
> Error on master:
> {noformat}
> 2020-06-07 15:03:33,800 WARN [org.apache.activemq.artemis.core.client] 
> AMQ212004: Failed to connect to server.
> 2020-06-07 15:03:39,820 INFO [org.apache.activemq.artemis.core.server] 
> AMQ221053: Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor 
> 'artemis'. See 
> [http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html]
>  for more details.{noformat}
> This keep on repeating like anything in logs making CPU and JVM heap to go 
> high!
> {noformat}
> ERROR [org.apache.activemq.artemis.core.server] AMQ224088: *Timeout (10 
> seconds) while handshaking with 
> ec2-35-153-67-214.compute-1.amazonaws.com:61616 has occurred.
> {noformat}
> Master is not able to communicate to slave over ssl causing time out issue 
> where sslv2 protocol is being shared by slave which is not accepted by 
> master. 
> # Could you please help on why slave is sending sslv2 protocol if the same 
> has been deprecated by oracle JVM in JDK 7 onwards and we are using JDK 8 ?
> # When client connects(external) to broker then TLS protocol is provided in 
> transport settings from their side, then why for internal communication where 
> master and slave or cluster brokers have to share information SSLV2 is used 
> (which is again blocked by JVM installed saying unsecure protocol) - This is 
> strange where internal communication in a product is blocked while external 
> is working :)
> My broker configurations are attached: [^master_broker] [^slave_broker].



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to