Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-3716

Porting ENTMQBR-3616 to Operator-LTS

    XMLWordPrintable

Details

    • Task
    • Resolution: Obsolete
    • Major
    • Future GA
    • AMQ 7.4.2.GA
    • operator
    • None

    Description

      In the custom resource template that is distributed for the operator, there is following line:

       enabledCipherSuites: SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

      These cipher suites are likely weak and are not supported bu our messaging clients. When this field is removed form CR and cipher suite used is left for negotiation the "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" is agreed upon by broker from the list offered by the client. List of other potential cipher suites is attached to this jira. This is one of the reasons for potential issues with SSL connections for broker on OpenShift.

      Attachments

        Issue Links

          clones

          Task - Represents a small unit of work that is not end-user facing. ENTMQBR-3616 [Operator] Update cipher suites in distibuted CR templates

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              gaohoward Howard Gao
              gaohoward Howard Gao
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: