Qpid C++ broker can easily be blocked by client trying to connect over SSL port
-------------------------------------------------------------------------------

Key: QPID-2518
URL: https://issues.apache.org/jira/browse/QPID-2518
Project: Qpid
Issue Type: Bug
Components: C++ Broker
Environment: Red Hat Enterprise MRG 1.2
Reporter: Armin Noll

We are running a C++ broker as a daemon with the following configuration:

    log-enable=info+
    log-to-file=/var/lib/qpidd/op_prod09/data/0097/qpidd.log
    log-to-syslog=no
    auth=yes
    acl-file=qpidd.acl
    realm=QPID0097
    data-dir=/var/lib/qpidd/op_prod09/data/0097
    pid-dir=/var/lib/qpidd/op_prod09/data/0097
    port=20097
    wait=30
    num-jfiles=4
    jfile-size-pgs=1
    wcache-page-size=128
    tpl-num-jfiles=4
    tpl-jfile-size-pgs=1
    tpl-wcache-page-size=128
    ssl-cert-db=/var/lib/qpidd/op_prod09/data/0097
    ssl-port=10097
    ssl-cert-name=RGC001
    ssl-cert-password-file=/var/lib/qpidd/op_prod09/data/0097/amq_cert_db.pwd
    ssl-require-client-authentication=yes
    cluster-name=QPID0097
    cluster-url=amqp:tcp:172.16.45.198:20097
    cluster-username=xxxxx
    cluster-password=xxxxx

We tried to connect an application to the SSL port which does not "talk" the correct protocol. We simply used telnet:

    $ telnet 172.16.45.198 10097

The result was (we waited at least 30 min, then killed the process running telnet):

The broker doesn't react anymore, no more new client connections can be established, and the broker cannot even be stopped with "qpidd -p 20097 -q".

This way anybody in the world could easily block our service provided over a Qpid broker. Is there a way to get around this?

This issue has also been reported as Red Hat service request no. 2014266.
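
A general server-side guard against the symptom reported above, added here as an example; it is not Qpid code and not a diagnosis of QPID-2518. The acceptor thread only accepts, and each TLS handshake runs in a worker under a deadline, so a client that connects and stays silent cannot hold up later clients. `HANDSHAKE_TIMEOUT`, `handle`, `serve` and `demo` are hypothetical names, and both clients are constructed for the demo.

```python
import socket, ssl, threading, time

HANDSHAKE_TIMEOUT = 0.5  # seconds; demo value (assumption), not a Qpid setting

def handle(conn, ctx, log):
    """Worker thread: run the TLS handshake under a hard deadline."""
    conn.settimeout(HANDSHAKE_TIMEOUT)
    tls = None
    try:
        tls = ctx.wrap_socket(conn, server_side=True, do_handshake_on_connect=False)
        tls.do_handshake()
        log.append("handshake-ok")
    except socket.timeout:
        log.append("handshake-timeout")  # peer stayed silent past the deadline
    except OSError:
        log.append("handshake-failed")   # peer sent bytes that are not TLS
    finally:
        (conn if tls is None else tls).close()

def serve(listener, ctx, log, stop):
    """Acceptor: accepts and dispatches only; it never handshakes itself."""
    listener.settimeout(0.1)
    while not stop.is_set():
        try:
            conn, _ = listener.accept()
        except socket.timeout:
            continue
        threading.Thread(target=handle, args=(conn, ctx, log), daemon=True).start()

def demo():
    """Constructed clients: one silent, then one sending non-TLS bytes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # no cert: nothing completes
    listener = socket.create_server(("127.0.0.1", 0))
    log, stop = [], threading.Event()
    acceptor = threading.Thread(target=serve, args=(listener, ctx, log, stop))
    acceptor.start()
    silent = socket.create_connection(listener.getsockname())  # sends nothing
    talker = socket.create_connection(listener.getsockname())  # arrives second
    talker.sendall(b"hello\r\n")
    time.sleep(HANDSHAKE_TIMEOUT + 0.5)
    silent.settimeout(1)
    dropped = silent.recv(1) == b""          # server closed the idle socket
    stop.set()
    acceptor.join()
    for s in (silent, talker, listener):
        s.close()
    return log, dropped

if __name__ == "__main__":
    print(demo())
```

The second client is rejected before the silent one times out, which shows the acceptor kept servicing connections while the first handshake was still pending.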