If you want to completely disable the 5672 port, use --listen-disable tcp.

The require-encryption option only works when authentication is enabled.

On Wed, Oct 5, 2022 at 4:14 PM Michael Ivanov <iv...@logit-ag.de> wrote:
>
> Greetings!
>
> I observed strange qpidd behavior. It is started from systemd with the following
> command line:
>
>     /usr/sbin/qpidd --config /etc/qpid/qpidd.conf
>
> qpidd.conf contains the following options:
>
>     pid-dir=/var/run
>     mgmt-enable=yes
>     require-encryption=yes
>     ssl-cert-db=/etc/qpid/certs
>     ssl-cert-name=qpid.logit-ag.de
>     ssl-port=5671
>     auth=no
>
> The daemon listens on both ports (5671 and 5672), but when I try to access it
> using e.g. qpid-tool -q I'm getting the expected results:
>
>     qpid-stat -b amqps://localhost:5671 -q        -- works
>
>     qpid-stat -b amqp://localhost:5672 -q
>        -- fails (as expected) with 'encryption required' error.
>
> One of my colleagues claimed that he was able to send a message successfully
> to this broker using an *unencrypted* connection to port 5672. I captured the
> traffic to this broker and to my surprise I have seen a message in plain text,
> which was successfully delivered to receiver. He used this package to send
> the message:
>
>     https://mvnrepository.com/artifact/org.apache.qpid/qpid-jms-client/2.0.0
>
> Now what do I miss in my qpidd configuration?
>
> qpidd version used is 1.39.0
>
> Best regards,
>
> --
>
> Michael Ivanov
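
An added example, not part of the original thread or of the Qpid project: a small audit of a qpidd.conf for the combination discussed above, where require-encryption is set while auth is off and the plain TCP listener is still enabled. The finding names and the accepted boolean spellings are assumptions of this sketch; the sample config is constructed from the values quoted in the thread.

```python
# Added example: flag a qpidd.conf where require-encryption cannot take effect.
TRUE = {"yes", "true", "on", "1"}    # assumed boolean spellings
FALSE = {"no", "false", "off", "0"}

# Constructed sample, using the option values quoted in the thread.
THREAD_CONF = """\
pid-dir=/var/run
mgmt-enable=yes
require-encryption=yes
ssl-cert-db=/etc/qpid/certs
ssl-cert-name=qpid.logit-ag.de
ssl-port=5671
auth=no
"""

def parse_conf(text):
    """Parse option=value lines ('#' starts a comment); keep repeated keys."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        opts.setdefault(key, []).append(value.lower())
    return opts

def audit(text):
    """Return finding codes (hypothetical names) for the thread's misconfiguration."""
    opts = parse_conf(text)
    last = lambda key: opts.get(key, [None])[-1]
    findings = []
    # Per the reply: require-encryption only works when authentication is enabled.
    # An absent auth key is left to the broker's default and is not judged here.
    if last("require-encryption") in TRUE and last("auth") in FALSE:
        findings.append("ENCRYPTION_NOT_ENFORCED")
        # Without listen-disable=tcp the plain listener still accepts clients.
        if "tcp" not in opts.get("listen-disable", []):
            findings.append("PLAINTEXT_LISTENER_OPEN")
    return findings

if __name__ == "__main__":
    for label, conf in [("as posted", THREAD_CONF),
                        ("auth enabled", THREAD_CONF.replace("auth=no", "auth=yes")),
                        ("tcp disabled", THREAD_CONF + "listen-disable=tcp\n")]:
        print(f"{label}: {audit(conf) or 'no findings'}")
```

A capture on the plain port, as the original poster did, remains the way to confirm what the broker actually accepts after the change.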

