Author: buildbot
Date: Mon Sep 24 11:25:35 2018
New Revision: 1035630
Log:
Production update by buildbot for activemq
Modified:
websites/production/activemq/content/cache/main.pageCache
websites/production/activemq/content/ssl-transport-reference.html
Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/activemq/content/ssl-transport-reference.html
==============================================================================
--- websites/production/activemq/content/ssl-transport-reference.html (original)
+++ websites/production/activemq/content/ssl-transport-reference.html Mon Sep
24 11:25:35 2018
@@ -104,8 +104,8 @@ ssl://localhost:61616?transport.needClie
</div></div><p>Unless the broker's SSL transport is configured for
transport.needClientAuth=true, the client won't need a keystore but requires a
truststore in order to validate the broker's certificate.</p><p>Similar to the
broker transport configuration you can pass on SSL transport options using
<strong>?socket.XXX</strong>, such
as</p><pre>ssl://localhost:61616?socket.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</pre><h4
id="SSLTransportReference-HostnameValidation(Startingwithversion5.15.6)">Hostname
Validation (Starting with version 5.15.6)</h4><p>From version 5.15.6 ActiveMQ
now supports TLS Hostname validation.  This has been enabled by default
for the ActiveMQ client and is off by default on the broker.  To
configure:</p><h4
id="SSLTransportReference-Serversideconfigurationofhostnamevalidation">Server
side configuration of hostname validation</h4><p>The default for the server
side is to <strong>disable</strong> Hostname validation
and this can be configured with
<strong>?transport.verifyHostName</strong>.  This is only relevant for
2-way SSL and will cause the client's CN of their certificate to be compared to
their hostname to verify they match.</p><p>Example for how to enable on server
side if desired:</p><div class="preformatted panel" style="border-width:
1px;"><div class="preformattedContent panelContent">
<pre>ssl://localhost:61616?transport.verifyHostName=true
</pre>
-</div></div><h4
id="SSLTransportReference-Clientsideconfigurationofhostnamevalidation"><br
clear="none">Client side configuration of hostname validation</h4><p>The
default for the ActiveMQ client is to <strong>enable</strong> Hostname
validation and this can be configured with
<strong>?socket.verifyHostName</strong>.  This will cause the CN of the
server certificate to be compared to the server hostname to verify they
match.</p><p>Example to disable:</p><div class="preformatted panel"
style="border-width: 1px;"><div class="preformattedContent panelContent">
-<pre>ssl://localhost:61616?socket.verifyHostName=false
+</div></div><h4
id="SSLTransportReference-Clientsideconfigurationofhostnamevalidation"><br
clear="none">Client side configuration of hostname validation</h4><p>The
default for the ActiveMQ client is to <strong>enable</strong> Hostname
validation and this can be configured with <strong>?socket.verifyHostName
</strong>or simply <strong>?verifyHostName </strong>with no prefix. 
This will cause the CN of the server certificate to be compared to the server
hostname to verify they match.</p><p>Example to disable:</p><div
class="preformatted panel" style="border-width: 1px;"><div
class="preformattedContent panelContent">
+<pre>ssl://localhost:61616?socket.verifyHostName=false or
ssl://localhost:61616?verifyHostName=false
</pre>
</div></div><p><br clear="none"></p><h4
id="SSLTransportReference-OtherLinks">Other Links</h4><ul><li><a shape="rect"
href="how-do-i-use-ssl.html">How do I use SSL</a></li></ul><p>You can also turn
on SSL debug informations this way by adding:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default">-Djavax.net.debug=ssl
