[jira] [Commented] (AMQ-9661) ActiveMQ client jar code is sending both TLSv1.2 and TLSv1.3 in the ClientHello message, even when TLSv1.3 ssl context is set in SSLContext

Mon, 16 Jun 2025 22:26:02 -0700 


    [ 
https://issues.apache.org/jira/browse/AMQ-9661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17979550#comment-17979550
 ] 

Sumit Sharma commented on AMQ-9661:
-----------------------------------

Hi [~jbonofre] 

I have some doubts about this. If you try setting the context to TLSv1.2 
(similar to how TLSv1.3 is set in the example), you'll observe that only 
TLSv1.2 appears in the client hello's supported versions. However, based on 
your statement, if {{enabledProtocols}} is not specified, we should be seeing 
the full range of TLS versions — which doesn't seem to be the case.

let me work on other details that you need

> ActiveMQ client jar code is sending both TLSv1.2 and TLSv1.3 in the 
> ClientHello message, even when TLSv1.3 ssl context is set in SSLContext
> -------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-9661
>                 URL: https://issues.apache.org/jira/browse/AMQ-9661
>             Project: ActiveMQ Classic
>          Issue Type: Bug
>          Components: JMS client
>         Environment:   * {*}ActiveMQ jars Version{*}: 6.1.5
>  * {*}JDK Version{*}: JDK 17
>  * {*}Operating System{*}: linux
>            Reporter: Sumit Sharma
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 6.2.0, 6.1.8
>
>         Attachments: TlsExample.java
>
>
> We are configuring *ActiveMQ client classes* to use *TLSv1.3* explicitly by 
> setting the {{org.apache.activemq.broker.SslContext}} as follows:
> SslContext mqSslcontext = new SslContext();
> mqSslcontext .setCurrentSslContext( 
> javax.net.ssl.SSLContext.getInstance("TLSv1.3"))
> However, during the {*}SSL handshake{*}, the *ClientHello* message sent by 
> ActiveMQ still includes both *TLSv1.2 and TLSv1.3* in the 
> {{supported_versions}} extension, instead of restricting it to *TLSv1.3.*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact

Reply via email to