[ https://issues.apache.org/jira/browse/ARTEMIS-2794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17128296#comment-17128296 ]

Justin Bertram commented on ARTEMIS-2794:
-----------------------------------------

bq. AMQ212004: Failed to connect to server.

As far as I can tell this error is related to your configuration which looks 
broken to me. Both your master and slave have a single acceptor listening on 
port 61617. However, _all_ of the connectors you have defined are going to port 
61616. This won't work. The connectors should connect to wherever the 
corresponding acceptor is listening. If your acceptors were listening on port 
61616 that would be a step in the right direction, but even then it still 
wouldn't work because your acceptor is configured for SSL but your connectors 
are not. 

bq. AMQ221053: Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor 
'artemis'. See 
[http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html]
 for more details.

I don't think this is related to your issue at all. Did you happen to review 
http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html?
 It discusses why the {{SSLv2Hello}} protocol needs to be disabled. The broker 
will automatically disable this protocol on any system which doesn't already 
have it disabled. This will not negatively impact client connectivity, and is 
considered "normal" which is why it is logged at {{INFO}} level.

bq. AMQ224088: Timeout (10 seconds) while handshaking with 
ec2-35-153-67-214.compute-1.amazonaws.com:61616 has occurred.

This error message has nothing to do with SSL. It's simply telling you that a 
client connected to an acceptor but didn't conduct any kind of messaging 
protocol handshake.

All of your issues are rooted in misconfigurations and misunderstandings, not 
bugs. If you have additional questions please follow up on the [ActiveMQ user 
mailing list|http://activemq.apache.org/contact/#mailing]. Jira is generally 
reserved for confirmed bugs or feature requests, not questions about broken 
configurations.

Lastly, I recommend you upgrade to the [latest 
release|http://activemq.apache.org/components/artemis/download/]. There have 
been numerous bug fixes and new features added since 2.11.0.

> Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor 'artemis' in 
> redhat mq 7.6
> ------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-2794
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2794
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: JMX, OpenWire
>    Affects Versions: 2.11.0
>         Environment: Pre-prod,SIT
>            Reporter: Aman Verma
>            Priority: Major
>             Fix For: 2.11.0
>
>         Attachments: master_broker, slave_broker
>
>
> I am getting the below error while implementing HA over SSL-enabled acceptors in 
> both master and slave.
> Error on master:
> {noformat}
> 2020-06-07 15:03:33,800 WARN [org.apache.activemq.artemis.core.client] 
> AMQ212004: Failed to connect to server.
> 2020-06-07 15:03:39,820 INFO [org.apache.activemq.artemis.core.server] 
> AMQ221053: Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor 
> 'artemis'. See 
> [http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html]
>  for more details.{noformat}
> This keeps on repeating like anything in the logs, making CPU and JVM heap go 
> high!
> {noformat}
> ERROR [org.apache.activemq.artemis.core.server] AMQ224088: *Timeout (10 
> seconds) while handshaking with 
> ec2-35-153-67-214.compute-1.amazonaws.com:61616 has occurred.
> {noformat}
> Master is not able to communicate to slave over ssl causing time out issue 
> where sslv2 protocol is being shared by slave which is not accepted by 
> master. 
> # Could you please help on why slave is sending sslv2 protocol if the same 
> has been deprecated by oracle JVM in JDK 7 onwards and we are using JDK 8 ?
> # When client connects (external) to broker then TLS protocol is provided in 
> transport settings from their side, then why for internal communication where 
> master and slave or cluster brokers have to share information SSLV2 is used 
> (which is again blocked by JVM installed saying unsecure protocol) - This is 
> strange where internal communication in a product is blocked while external 
> is working :)
> My broker configurations are attached: [^master_broker] [^slave_broker].



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
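
The acceptor/connector mismatch described in the comment above can be checked mechanically. The following is an added example, not part of the original message or of the Artemis project: the `broker.xml` fragment is constructed (the reporter's attachments are not reproduced here), the host names, store file names and passwords are placeholders, and the check assumes the peer broker has the same acceptor layout, as the comment states.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed broker.xml fragment (the reporter's attachments are not on this page):
# one SSL acceptor on 61617, plain connectors aimed at 61616. Hosts are placeholders.
BROKEN = """<core xmlns="urn:activemq:core">
  <acceptors>
    <acceptor name="artemis">tcp://0.0.0.0:61617?sslEnabled=true;keyStorePath=broker.ks;keyStorePassword=CHANGEME</acceptor>
  </acceptors>
  <connectors>
    <connector name="master">tcp://master.example:61616</connector>
    <connector name="slave">tcp://slave.example:61616</connector>
  </connectors>
</core>"""

def endpoints(xml_text, kind):
    """Return {name: (port, ssl_enabled)} for each <acceptor> or <connector>."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != kind:   # ignore the XML namespace
            continue
        uri = urlsplit(el.text.strip())
        # Artemis separates URI parameters with ';' inside broker.xml
        params = dict(p.split("=", 1) for p in uri.query.split(";") if "=" in p)
        ssl = params.get("sslEnabled", "false").lower() == "true"
        found[el.get("name")] = (uri.port, ssl)
    return found

def check(xml_text):
    """Compare every connector with the acceptors (peer assumed to be set up alike)."""
    acceptors = endpoints(xml_text, "acceptor")
    findings = []
    for name, (port, ssl) in sorted(endpoints(xml_text, "connector").items()):
        on_port = [s for p, s in acceptors.values() if p == port]
        if not on_port:
            findings.append(f"{name}: no acceptor listens on port {port}")
        elif ssl not in on_port:
            findings.append(f"{name}: sslEnabled={ssl} but the acceptor on {port} differs")
    return findings

if __name__ == "__main__":
    port_fixed = BROKEN.replace(":61616", ":61617")
    ssl_fixed = port_fixed.replace(
        ":61617<", ":61617?sslEnabled=true;trustStorePath=client.ts;trustStorePassword=CHANGEME<")
    for label, cfg in (("as reported", BROKEN), ("port fixed", port_fixed),
                       ("port and SSL fixed", ssl_fixed)):
        print(label, "->", check(cfg) or "consistent")
```

Fixing only the port leaves the SSL mismatch in place, which matches the comment's point that aligning the ports alone "still wouldn't work".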
