[ https://issues.apache.org/jira/browse/QPID-2518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Stitcher reopened QPID-2518: ----------------------------------- Assignee: Andrew Stitcher As far as I can tell this bug is still present. Despite any comments above. > Qpid C++ broker can easily be blocked by client trying to connect over SSL > port > ------------------------------------------------------------------------------- > > Key: QPID-2518 > URL: https://issues.apache.org/jira/browse/QPID-2518 > Project: Qpid > Issue Type: Bug > Components: C++ Broker > Environment: Red Hat Enterprise MRG 1.2 > Reporter: Armin Noll > Assignee: Andrew Stitcher > > We are running a C++ broker as deamon with the following configuration: > > log-enable=info+ > log-to-file=/var/lib/qpidd/op_prod09/data/0097/qpidd.log > log-to-syslog=no > auth=yes > acl-file=qpidd.acl > realm=QPID0097 > data-dir=/var/lib/qpidd/op_prod09/data/0097 > pid-dir=/var/lib/qpidd/op_prod09/data/0097 > port=20097 > wait=30 > num-jfiles=4 > jfile-size-pgs=1 > wcache-page-size=128 > tpl-num-jfiles=4 > tpl-jfile-size-pgs=1 > tpl-wcache-page-size=128 > ssl-cert-db=/var/lib/qpidd/op_prod09/data/0097 > ssl-port=10097 > ssl-cert-name=RGC001 > ssl-cert-password-file=/var/lib/qpidd/op_prod09/data/0097/amq_cert_db.pwd > ssl-require-client-authentication=yes > cluster-name=QPID0097 > cluster-url=amqp:tcp:172.16.45.198:20097 > cluster-username=xxxxx > cluster-password=xxxxx > > We tried to connect an application to the SSL port which does not "talk" the > correct protocol. We simply used telnet: > $ telnet 172.16.45.198 10097 > > The result was (we waited at least 30 min, then killed the process running > telnet): > The broker doesn't react anymore, no more new client connections can be > established, the broker even cannot be stopped with "qpidd -p 20097 -q". > > This way anybody in the world could easily block our service provided over a > Qpid broker. > Is there a way to get around this? > This issue has also been reported as Red Hat service request no. 2014266. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org