Hi, Server Name Indication (SNI) is a TLS extension that clients send to indicate what domain they want to connect to during the initial TLS handshake. Modern TLS clients (e.g. browsers) always send the SNI extension; however, older TLS clients may not send the SNI extension.
AFAIR, sniRequired can be passed as system property (so via the bin/activemq script). You can also provide it in the sslContextFactory configure section of the jetty.xml (by adding it). Regards JB On Mon, Jan 13, 2025 at 4:57 AM Chitranshu Changdar <cchang...@opentext.com.invalid> wrote: > > Hi, > > Need some help with AMQ Classic configurations for HTTPS connection using the > ssl certificate. > At first, I was facing with issue with jetty.xml configuration for ssl > connection, but that was resolved with the help of AMQ-9405. > For this to work with https we must generate brokers.ks with specific > hostname and if we create a generic broker.ks with localhost or 0.0.0.0, then > it returns "HTTP ERROR 400 Invalid SNI". > Till 5.17.x or 5.18.x this was working with localhost value. > > From the other sources and Jetty documentation we could see this can be > disabled with the help of "jetty.sslContext.sniRequired". > So, my question is, is there any way to add this configuration in jetty.xml > or somewhere else ? > > If anyone can provide any resolution, that would be a great help. > > AMQ Classic Version : 6.1.4 > Platform : RHEL-9.3 > > Thanks > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@activemq.apache.org For additional commands, e-mail: dev-h...@activemq.apache.org For further information, visit: https://activemq.apache.org/contact
