[ https://issues.apache.org/jira/browse/ARTEMIS-2794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17183283#comment-17183283 ]
Clebert Suconic commented on ARTEMIS-2794: ------------------------------------------ as I mentioned you should use the forum to ask questions... it seems to me you're using OpenWire Clients. You should use core clients for a better failover integration with Artemis. with OpenWire you have to specify both nodes. > Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor 'artemis' in > redhat mq 7.6 > ------------------------------------------------------------------------------------------ > > Key: ARTEMIS-2794 > URL: https://issues.apache.org/jira/browse/ARTEMIS-2794 > Project: ActiveMQ Artemis > Issue Type: Bug > Components: JMX, OpenWire > Affects Versions: 2.11.0 > Environment: Pre-prod,SIT > Reporter: Aman Verma > Priority: Major > Fix For: 2.11.0 > > Attachments: master_broker, slave_broker > > > I am getting below error while implementing HA over ssl enabled acceptors in > both master and slave. > Error on master: > {noformat} > 2020-06-07 15:03:33,800 WARN [org.apache.activemq.artemis.core.client] > AMQ212004: Failed to connect to server. > 2020-06-07 15:03:39,820 INFO [org.apache.activemq.artemis.core.server] > AMQ221053: Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor > 'artemis'. See > [http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html] > for more details.{noformat} > This keep on repeating like anything in logs making CPU and JVM heap to go > high! > {noformat} > ERROR [org.apache.activemq.artemis.core.server] AMQ224088: *Timeout (10 > seconds) while handshaking with > ec2-35-153-67-214.compute-1.amazonaws.com:61616 has occurred. > {noformat} > Master is not able to communicate to slave over ssl causing time out issue > where sslv2 protocol is being shared by slave which is not accepted by > master. > # Could you please help on why slave is sending sslv2 protocol if the same > has been deprecated by oracle JVM in JDK 7 onwards and we are using JDK 8 ? > # When client connects(external) to broker then TLS protocol is provided in > transport settings from their side, then why for internal communication where > master and slave or cluster brokers have to share information SSLV2 is used > (which is again blocked by JVM installed saying unsecure protocol) - This is > strange where internal communication in a product is blocked while external > is working :) > My broker configurations are attached: [^master_broker] [^slave_broker]. -- This message was sent by Atlassian Jira (v8.3.4#803005)