Hi, we are undergoing a security certification for our system. One of the issues we get is related to the cipher order while establishing a TLS connection with MQTT.
We went through the following document to configure the transport and select the cipher suites we want to allow: http://activemq.apache.org/ssl-transport-reference.html

However, we could not find a reference to the order of the cipher suites. That seems to be an issue for security-scanning tools, like testssl.sh (https://github.com/drwetter/testssl.sh). See, for example, the following output on one of our servers:

****start test output****
 Testing server preferences

 Has server cipher order?     nope (NOT ok)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256, 570 bit ECDH (B-571) (limited sense as client will pick)
 Negotiated cipher per proto  (limited sense as client will pick)
     ECDHE-RSA-AES128-GCM-SHA256:   TLSv1.2
 No further cipher order check has been done as order is determined by the client
****end test output****

We did not find any reference to cipher order in the ActiveMQ documentation. Is there a possibility to do so?

Thanks in advance and best regards,
Marcos Moreno.

--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
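
Added example, not part of the original post and not ActiveMQ's own code: ActiveMQ runs on Java's JSSE, where the "server cipher order" that testssl.sh checks corresponds to SSLParameters.setUseCipherSuitesOrder(true) on the listening socket. The class name, the suite list and the use of the default SSLContext are assumptions for illustration; whether the ActiveMQ transport configuration exposes this setting is not stated on this page.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import java.util.Arrays;

public class ServerCipherOrderDemo {
    // Constructed preference list (JSSE names), most preferred first.
    // The second entry is the JSSE name of ECDHE-RSA-AES128-GCM-SHA256
    // from the scan output above.
    static final String[] PREFERRED = {
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    };

    // Opens a TLS listener that picks the suite by the server's order.
    static SSLServerSocket open(SSLContext ctx, int port) throws Exception {
        SSLServerSocketFactory factory = ctx.getServerSocketFactory();
        SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(port);

        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.2"});
        // The array order is the preference order once the flag below is set.
        params.setCipherSuites(PREFERRED);
        // Without this flag JSSE follows the client's order, which is what
        // a scanner reports as "Has server cipher order? nope".
        params.setUseCipherSuitesOrder(true);
        socket.setSSLParameters(params);
        return socket;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the default context (no broker key material loaded) is
        // enough to inspect the effective parameters; a real listener needs
        // an SSLContext initialised with the server's key store.
        try (SSLServerSocket socket = open(SSLContext.getDefault(), 0)) {
            SSLParameters effective = socket.getSSLParameters();
            System.out.println("server order honoured: "
                + effective.getUseCipherSuitesOrder());
            System.out.println("suites in preference order: "
                + Arrays.toString(effective.getCipherSuites()));
        }
    }
}
```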
