[ https://issues.apache.org/jira/browse/ARTEMIS-2794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17128296#comment-17128296 ]
Justin Bertram commented on ARTEMIS-2794: ----------------------------------------- bq. AMQ212004: Failed to connect to server. As far as I can tell this error is related to your configuration which looks broken to me. Both your master and slave have a single acceptor listening on port 61617. However, _all_ of the connectors you have defined are going to port 61616. This won't work. The connectors should connect to wherever the corresponding acceptor is listening. If your acceptors were listening on port 61616 that would be a step in the right direction, but even then it still wouldn't work because your acceptor is configured for SSL but your connectors are not. bq. AMQ221053: Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor 'artemis'. See [http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html] for more details. I don't think this is related to your issue at all. Did you happen to review http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html? It discusses why the {{SSLv2Hello}} protocol needs to be disabled. The broker will automatically disable this protocol on any system which doesn't already have it disabled. This will not negatively impact client connectivity, and is considered "normal" which is why it is logged at {{INFO}} level. bq. AMQ224088: Timeout (10 seconds) while handshaking with ec2-35-153-67-214.compute-1.amazonaws.com:61616 has occurred. This error message has nothing to do with SSL. It's simply telling you that a client connected to an acceptor but didn't conduct any kind of messaging protocol handshake. All of your issues are rooted in misconfigurations and misunderstandings, not bugs. If you have additional questions please follow up on the [ActiveMQ user mailing list|http://activemq.apache.org/contact/#mailing]. Jira is generally reserved for confirmed bugs or feature requests, not questions about broken configurations. Lastly, I recommend you upgrade to the [latest release|http://activemq.apache.org/components/artemis/download/]. There have been numerous bug fixes and new features added since 2.11.0. > Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor 'artemis' in > redhat mq 7.6 > ------------------------------------------------------------------------------------------ > > Key: ARTEMIS-2794 > URL: https://issues.apache.org/jira/browse/ARTEMIS-2794 > Project: ActiveMQ Artemis > Issue Type: Bug > Components: JMX, OpenWire > Affects Versions: 2.11.0 > Environment: Pre-prod,SIT > Reporter: Aman Verma > Priority: Major > Fix For: 2.11.0 > > Attachments: master_broker, slave_broker > > > I am getting below error while implementing HA over ssl enabled acceptors in > both master and slave. > Error on master: > {noformat} > 2020-06-07 15:03:33,800 WARN [org.apache.activemq.artemis.core.client] > AMQ212004: Failed to connect to server. > 2020-06-07 15:03:39,820 INFO [org.apache.activemq.artemis.core.server] > AMQ221053: Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor > 'artemis'. See > [http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html] > for more details.{noformat} > This keep on repeating like anything in logs making CPU and JVM heap to go > high! > {noformat} > ERROR [org.apache.activemq.artemis.core.server] AMQ224088: *Timeout (10 > seconds) while handshaking with > ec2-35-153-67-214.compute-1.amazonaws.com:61616 has occurred. > {noformat} > Master is not able to communicate to slave over ssl causing time out issue > where sslv2 protocol is being shared by slave which is not accepted by > master. > # Could you please help on why slave is sending sslv2 protocol if the same > has been deprecated by oracle JVM in JDK 7 onwards and we are using JDK 8 ? > # When client connects(external) to broker then TLS protocol is provided in > transport settings from their side, then why for internal communication where > master and slave or cluster brokers have to share information SSLV2 is used > (which is again blocked by JVM installed saying unsecure protocol) - This is > strange where internal communication in a product is blocked while external > is working :) > My broker configurations are attached: [^master_broker] [^slave_broker]. -- This message was sent by Atlassian Jira (v8.3.4#803005)