No because, the ability to specify cipher suites does not include any way to specify the specific type of elliptic curve.
At the moment, the configuration that is in place is using the ECDHE-RSA-AES256-GCM-SHA384 cipher. The ECDHE key exchange is apparently using P-256 by default. I need it to be stronger or I need to document that I am unable to change that configuration item. Thanks, Frank On Tue, Nov 15, 2022 at 4:21 PM Justin Bertram <jbert...@apache.org> wrote: > Did you try using the "transport.enabledCipherSuites" parameter mentioned > here [1]? > > > Justin > > [1] https://activemq.apache.org/ssl-transport-reference > > On Tue, Nov 15, 2022 at 2:16 PM Frank Crow <fjcrow2...@gmail.com> wrote: > > > Hello all, > > > > Does anyone know if it is possible to specify which elliptic curve will > be > > used by the broker for ECDHE key exchanges? Currently I have TLS enabled > > and I'm seeing that it is using a 256-bit (P-256) elliptic curve. I > have > > requirements for 384-bit elliptic curves or better. > > > > Is there some transport.option that I can use or is there some other > method > > to configure the elliptic curve that ActiveMQ uses? > > > > > > Thanks, > > -- > > Frank > > > -- Frank
