The broker delegates all this work to the JVM in the first place so I think you're more likely to find what you're looking for in the JVM directly. Even the value for the "transport.enabledCipherSuites" parameter is passed through to the underlying SSL implementation provided by the JVM.
Have you investigated this from the JVM's perspective? Justin On Tue, Nov 15, 2022 at 3:33 PM Frank Crow <fjcrow2...@gmail.com> wrote: > No because, the ability to specify cipher suites does not include any way > to specify the specific type of elliptic curve. > > At the moment, the configuration that is in place is using the > ECDHE-RSA-AES256-GCM-SHA384 cipher. > > The ECDHE key exchange is apparently using P-256 by default. I need it to > be stronger or I need to document that I am unable to change that > configuration item. > > > Thanks, > Frank > > > On Tue, Nov 15, 2022 at 4:21 PM Justin Bertram <jbert...@apache.org> > wrote: > > > Did you try using the "transport.enabledCipherSuites" parameter mentioned > > here [1]? > > > > > > Justin > > > > [1] https://activemq.apache.org/ssl-transport-reference > > > > On Tue, Nov 15, 2022 at 2:16 PM Frank Crow <fjcrow2...@gmail.com> wrote: > > > > > Hello all, > > > > > > Does anyone know if it is possible to specify which elliptic curve will > > be > > > used by the broker for ECDHE key exchanges? Currently I have TLS > enabled > > > and I'm seeing that it is using a 256-bit (P-256) elliptic curve. I > > have > > > requirements for 384-bit elliptic curves or better. > > > > > > Is there some transport.option that I can use or is there some other > > method > > > to configure the elliptic curve that ActiveMQ uses? > > > > > > > > > Thanks, > > > -- > > > Frank > > > > > > > > -- > Frank >
