  1. AMQ Broker
  2. ENTMQBR-4914

sniHost: change in behavior between Red Hat AMQ 7.7 and 7.8


    • Bug
    • Resolution: Not a Bug
    • Major
    • AMQ 7.8.1.GA
    • broker-core

      We observed a change in behavior between Red Hat AMQ 7.7 and Red Hat AMQ 7.8 when connecting via SSL.

      The change is related to the "sniHost" setting on the AMQ Broker.

      We connect from EAP to AMQ via SSL (something similar to what is explained here: https://access.redhat.com/solutions/5717741).

      Everything happens inside OpenShift: we connect to AMQ over a Route (= "kind: Route" and "apiVersion: route.openshift.io/v1").

      Previously we were using the versions:

      • AMQ Operator version 0.18.0
      • Red Hat AMQ 7.7.0.GA

      When we switched to the following versions:

      • AMQ Operator version 0.19.0
      • Red Hat AMQ 7.8.1.GA

      we observed the change in behavior about the "sniHost" setting.

      Our AMQ is created by the AMQ Operator with the following configuration (i.e. relevant part of the ActiveMQArtemis custom resource):

      apiVersion: broker.amq.io/v2alpha4
      kind: ActiveMQArtemis
      metadata:
         name: amq-broker
      spec:
        acceptors:
          - port: 61617
            verifyHost: false
            expose: true
            multicastPrefix: jms.topic.
            name: all
            connectionsAllowed: 10
            sslEnabled: true
            sniHost: localhost
            protocols: all
            sslSecret: amq-broker-ssl-secret
            sslProvider: JDK
            anycastPrefix: jms.queue.
        connectors:
          - port: 22222
            verifyHost: true
            wantClientAuth: true
            expose: true
            enabledCipherSuites: 'SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA'
            host: localhost
            needClientAuth: true
            name: connector0
            sslEnabled: false
            sniHost: localhost
            enabledProtocols: 'TLSv1,TLSv1.1,TLSv1.2'
            sslProvider: JDK
      

      With AMQ 7.8 we have the following error, which we didn't have with AMQ 7.7:

      2020-12-09 09:57:22,546 WARN  [org.apache.activemq.artemis.core.server] AMQ222208: SSL handshake failed for client from /10.116.0.1:41164: javax.net.ssl.SSLHandshakeException: Unrecognized server name indication.
      

      The error disappears if we remove the "sniHost: localhost" setting from the ActiveMQArtemis custom resource.

      It looks as if the setting was previously ignored by AMQ 7.7.

            rhn-support-jbertram Justin Bertram
            tborgato@redhat.com Tommaso Borgato
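
The handshake error quoted in the report is what a JDK TLS server raises when the server_name sent by the client does not match its configured SNI matcher. The following is an added example, not code from the issue or from AMQ Broker: it uses the JDK's own SNIHostName.createSNIMatcher to test a sniHost value against the names clients would present. It assumes the broker treats sniHost as a regular expression matched against the whole name and that clients coming through the Route send the Route hostname as SNI; the Route hostname and the second pattern are constructed values.

```java
import java.util.List;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;

public class SniHostCheck {

    // True when a JDK TLS server configured with this matcher pattern
    // would accept the server_name the client sent in its ClientHello.
    static boolean accepts(String sniHostPattern, String clientServerName) {
        SNIMatcher matcher = SNIHostName.createSNIMatcher(sniHostPattern);
        return matcher.matches(new SNIHostName(clientServerName));
    }

    public static void main(String[] args) {
        // Constructed names: replace the first with spec.host of your own Route.
        List<String> namesClientsSend = List.of(
            "amq-broker-all-0-svc-rte-demo.apps.example.com", // client via the Route
            "localhost");                                      // client on the same host

        // "localhost" is the value from the custom resource in the report;
        // the second pattern is a hypothetical alternative covering the Route.
        List<String> sniHostPatterns = List.of(
            "localhost",
            "amq-broker-.*\\.apps\\.example\\.com");

        for (String pattern : sniHostPatterns) {
            for (String name : namesClientsSend) {
                String verdict = accepts(pattern, name)
                    ? "accepted"
                    : "rejected (unrecognized_name)";
                System.out.printf("sniHost=%-38s server_name=%-48s %s%n",
                    pattern, name, verdict);
            }
        }
    }
}
```

The matcher compares the pattern case-insensitively against the complete hostname, so a literal such as "localhost" only accepts clients that ask for exactly that name.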