Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-10491

Adding property to exclude any ssl protocol version for JMX

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Done
    • Major
    • jboss-fuse-6.3, fuse-7.4-GA
    • jboss-fuse-6.3
    • Karaf
    • None
    • % %
    • Fuse 7.4 Sprint 45 - Dev #1

    Description

      I'm trying to enable SSL for JMX, I cannot find a way to restrict the protocol version to only accept TLSv1.2 connections.

      I have set 'secureProtocol = TLSv1.2' in org.apache.karaf.management.cfg, but when running the command 'openssl s_client -connect myHost:myPort -tls1_1' (where myHost and myPort are replaced by the appropriate hosts/ports) I noticed that the RMI server port is still accepting TLSv1 and TLSv1.1 connections.

      We can exclude the secureProtocols using ExcludeProtocols in the jetty.xml, We don't have this option for JMX,

      We can introduce another property like "EnabledProtocals" in org.apache.karaf.management.cfg method to achieve it,

      Attachments

        Activity

          People

            yfang@redhat.com Freeman(Yue) Fang
            chardahe@redhat.com Chandrakant Hardahe (Inactive)
            Vratislav Hais Vratislav Hais (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: