[
https://issues.apache.org/jira/browse/ARTEMIS-2794?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Justin Bertram reassigned ARTEMIS-2794:
---------------------------------------
Assignee: (was: Clebert Suconic)
> Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor 'artemis' in
> redhat mq 7.6
> ------------------------------------------------------------------------------------------
>
> Key: ARTEMIS-2794
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2794
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: JMX, OpenWire
> Affects Versions: 2.11.0
> Environment: Pre-prod,SIT
> Reporter: Aman Verma
> Priority: Major
> Fix For: 2.11.0
>
> Attachments: master_broker, slave_broker
>
>
> Hi Team,
> I am getting below error while implementing HA over ssl enabled acceptors in
> both master and slave.
> Error Master:
> ----------------------------------------------------------------------------------------------
> 2020-06-07 15:03:33,800 WARN [org.apache.activemq.artemis.core.client]
> AMQ212004: Failed to connect to server.
> 2020-06-07 15:03:39,820 INFO [org.apache.activemq.artemis.core.server]
> AMQ221053: Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor
> 'artemis'. See
> [http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html]
> for more details.
>
> This keep on repeating like anything in logs making CPU and JVM heap to go
> high!
> {{ERROR [org.apache.activemq.artemis.core.server] AMQ224088: *Timeout (10
> seconds) while handshaking with
> ec2-35-153-67-214.compute-1.amazonaws.com:61616 has occurred.}}
> {{}}
> {{Master is not able to communicate to slave over ssl causing time out issue
> where sslv2 protocol is being shared by slave which is not accepted by
> master.}}
>
> 1.Could you please help on why slave is sending sslv2 protocol if the same
> has been deprecated by oracle JVM in JDK 7 onwards and we are using JDK 8 ?
>
> 2.When client connects(external) to broker then TLS protocol is provided in
> transport settings from their side, then why for internal communication where
> master and slave or cluster brokers have to share information SSLV2 is used
> (which is again blocked by JVM installed saying unsecure protocol) - This is
> strange where internal communication in a product is blocked while external
> is working :)
> -------------------------------------------------------------------------------
> my broker xml' are attached below:
>
> Any help will be much appreciated![^master_broker][^slave_broker]
>
>
>
>
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
