[
https://issues.apache.org/jira/browse/ARTEMIS-2794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17183283#comment-17183283
]
Clebert Suconic commented on ARTEMIS-2794:
------------------------------------------
as I mentioned you should use the forum to ask questions...
it seems to me you're using OpenWire Clients. You should use core clients for a
better failover integration with Artemis. with OpenWire you have to specify
both nodes.
> Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor 'artemis' in
> redhat mq 7.6
> ------------------------------------------------------------------------------------------
>
> Key: ARTEMIS-2794
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2794
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: JMX, OpenWire
> Affects Versions: 2.11.0
> Environment: Pre-prod,SIT
> Reporter: Aman Verma
> Priority: Major
> Fix For: 2.11.0
>
> Attachments: master_broker, slave_broker
>
>
> I am getting below error while implementing HA over ssl enabled acceptors in
> both master and slave.
> Error on master:
> {noformat}
> 2020-06-07 15:03:33,800 WARN [org.apache.activemq.artemis.core.client]
> AMQ212004: Failed to connect to server.
> 2020-06-07 15:03:39,820 INFO [org.apache.activemq.artemis.core.server]
> AMQ221053: Disallowing use of vulnerable protocol 'SSLv2Hello' on acceptor
> 'artemis'. See
> [http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html]
> for more details.{noformat}
> This keep on repeating like anything in logs making CPU and JVM heap to go
> high!
> {noformat}
> ERROR [org.apache.activemq.artemis.core.server] AMQ224088: *Timeout (10
> seconds) while handshaking with
> ec2-35-153-67-214.compute-1.amazonaws.com:61616 has occurred.
> {noformat}
> Master is not able to communicate to slave over ssl causing time out issue
> where sslv2 protocol is being shared by slave which is not accepted by
> master.
> # Could you please help on why slave is sending sslv2 protocol if the same
> has been deprecated by oracle JVM in JDK 7 onwards and we are using JDK 8 ?
> # When client connects(external) to broker then TLS protocol is provided in
> transport settings from their side, then why for internal communication where
> master and slave or cluster brokers have to share information SSLV2 is used
> (which is again blocked by JVM installed saying unsecure protocol) - This is
> strange where internal communication in a product is blocked while external
> is working :)
> My broker configurations are attached: [^master_broker] [^slave_broker].
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
