在TLS1.2上创建ActiveMQ连接 [英] Create ActiveMQ Connection on TLS1.2

问题描述

我们必须删除SSLV3支持。所以我们改变了activemq配置。我们添加了transportConnector并设置enabledProtocol ='TLS1.1，TLS1.2'。所以它应该支持TLS1.1或TLS1.2
但我不知道如何在创建连接时指定协议。
现在它给了我错误SSLV2Hello被禁用。
所以我的问题是如何在创建连接时给出协议列表。
我试过它SSLSocket但是无法通过。
有人可以给我线索..

We had to remove SSLV3 support. So we changed activemq configuration. we added transportConnector and set enabledProtocol='TLS1.1,TLS1.2'. So that it should support on TLS1.1 or TLS1.2 But i am not getting how should i specify protocol when i am creating connection. Now it is giving me error SSLV2Hello is disabled. So my question is how should i give protocol list while creating connection. I tried it SSLSocket but could not go through. Can somebody please give me clue..

String keyStorePath = "abc.ks";
String keyStorePassword = "XYZ";
String trustStore = "cks.ts";                     
java.lang.System.setProperty("javax.net.ssl.keyStore", keyStorePath);
java.lang.System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
java.lang.System.setProperty("javax.net.ssl.trustStore", trustStore);
String connectionURL = 'URL?initialReconnectDelay=10&maxReconnectDelay=10&maxReconnectAttempts=2&jms.watchTopicAdvisories=false&wireFormat.maxInactivityDuration=3600000';

ConnectionFactory factory = new ActiveMQSslConnectionFactory(connectionURL);
Connection connection = factory.createConnection(user, pwd);

推荐答案

最后它对我有用。

String keyStorePassword = "123456";   
String configPath = "C:\\ssl\\";  
String keyStorePath = configPath + "client.ks";  
KeyStore ks = KeyStore.getInstance("jks");  
String trustStore = configPath + "trust.ts";  
java.lang.System.setProperty("javax.net.ssl.trustStore", trustStore);
java.lang.System.setProperty("javax.net.ssl.trustStorePassword", keyStorePassword);

            InputStream ksIs = new FileInputStream(keyStorePath);
            try {
                ks.load(ksIs, keyStorePassword.toCharArray());
            } finally {
                if (ksIs != null) {
                    ksIs.close();
                }
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, keyStorePassword.toCharArray());

            TrustManager[] trustAllCerts = new TrustManager[] {
                    new X509TrustManager() {
                        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                        }

                        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                        }

                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                            return null;
                        }
                    }
            };

            final SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            ConnectionFactory factory = new ActiveMQSslConnectionFactory(URL);
            sslContext.init(kmf.getKeyManagers(), trustAllCerts, new SecureRandom());       
            SslContext context = new SslContext();
            context.setSSLContext(sslContext);
            SslContext.setCurrentSslContext(context);
            Connection connection = factory.createConnection(loginName, pwd);
            connection.start();         
            Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
            MessageProducer nonPersistentProducer = session.createProducer(null);
            session.close();
            connection.close();

这篇关于在TLS1.2上创建ActiveMQ连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！