- Bug
- Resolution: Not a Bug
- Major
- None
- AMQ 7.8.1.GA
- False
- False
- Undefined
We observed a change in behavior between Red Hat AMQ 7.7 and Red Hat AMQ 7.8 when connecting via SSL;
The change is related to the "sniHost" setting on the AMQ Broker;
We connect from EAP to AMQ via SSL (something similar to what is explained here: https://access.redhat.com/solutions/5717741).
Everything happens inside OpenShift: we connect to AMQ over a Route (= "kind: Route" and "apiVersion: route.openshift.io/v1").
Previously we were using version:
- AMQ Operator version 0.18.0
- Red Hat AMQ 7.7.0.GA
When we switched to the following version:
- AMQ Operator version 0.19.0
- Red Hat AMQ 7.8.1.GA
we observed the change in behavior about the "sniHost" setting;
Our AMQ is created by the AMQ Operator with the following configuration (i.e. relevant part of the ActiveMQArtemis custom resource):
apiVersion: broker.amq.io/v2alpha4
kind: ActiveMQArtemis
metadata:
  name: amq-broker
spec:
  acceptors:
    - port: 61617
      verifyHost: false
      expose: true
      multicastPrefix: jms.topic.
      name: all
      connectionsAllowed: 10
      sslEnabled: true
      sniHost: localhost
      protocols: all
      sslSecret: amq-broker-ssl-secret
      sslProvider: JDK
      anycastPrefix: jms.queue.
  connectors:
    - port: 22222
      verifyHost: true
      wantClientAuth: true
      expose: true
      enabledCipherSuites: 'SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA'
      host: localhost
      needClientAuth: true
      name: connector0
      sslEnabled: false
      sniHost: localhost
      enabledProtocols: 'TLSv1,TLSv1.1,TLSv1.2'
      sslProvider: JDK
With AMQ 7.8 we have the following error, which we didn't have with AMQ 7.7:
2020-12-09 09:57:22,546 WARN [org.apache.activemq.artemis.core.server] AMQ222208: SSL handshake failed for client from /10.116.0.1:41164: javax.net.ssl.SSLHandshakeException: Unrecognized server name indication.
The error disappears if we remove the "sniHost: localhost" setting from the ActiveMQArtemis custom resource.
It looks as if the setting was previously ignored by AMQ 7.7.
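An added example (not part of the original report and not Red Hat's code) that checks which client server names an acceptor's "sniHost" would reject and picks the matching AMQ222208 warnings out of a broker log. It assumes the acceptor treats "sniHost" as a case-insensitive regular expression that the client's SNI name must fully match, as the upstream ActiveMQ Artemis documentation describes; the Route hostname is hypothetical because the report does not give one.

```python
import re

# Constructed sample: the TLS-relevant acceptor fields from the custom resource above.
ACCEPTORS = [{"name": "all", "port": 61617, "sslEnabled": True, "sniHost": "localhost"}]

# Hypothetical Route hostname (assumption); a client connecting through the
# Route presents this name in the TLS server_name extension.
ROUTE_HOST = "amq-broker-all-0-svc-rte.apps.example.com"

# Log line quoted in the report.
SAMPLE_LOG = [
    "2020-12-09 09:57:22,546 WARN [org.apache.activemq.artemis.core.server] "
    "AMQ222208: SSL handshake failed for client from /10.116.0.1:41164: "
    "javax.net.ssl.SSLHandshakeException: Unrecognized server name indication.",
]

SNI_FAILURE = re.compile(
    r"AMQ222208: SSL handshake failed for client from /(?P<ip>[\d.]+):(?P<port>\d+): "
    r".*Unrecognized server name indication"
)


def sni_accepts(pattern, server_name):
    """True if server_name passes the sniHost filter; no sniHost means no filter."""
    if pattern is None:
        return True
    # Assumption: full, case-insensitive match. Python's regex dialect stands in
    # for the JVM's here, which is equivalent for simple hostname patterns.
    return re.fullmatch(pattern, server_name, re.IGNORECASE) is not None


def audit_acceptors(acceptors, client_names):
    """Return (acceptor name, client server name) pairs that would be rejected."""
    rejected = []
    for acc in acceptors:
        if not acc.get("sslEnabled"):
            continue  # sniHost is only evaluated on TLS acceptors
        for name in client_names:
            if not sni_accepts(acc.get("sniHost"), name):
                rejected.append((acc["name"], name))
    return rejected


def sni_rejections(log_lines):
    """Client IPs of handshakes the broker refused because of the SNI name."""
    return [m.group("ip") for line in log_lines if (m := SNI_FAILURE.search(line))]


if __name__ == "__main__":
    print(audit_acceptors(ACCEPTORS, [ROUTE_HOST, "localhost"]))
    print(sni_rejections(SAMPLE_LOG))
```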