Can I restrict the SSL cipher suites in an Apache ActiveMQ NMS client?

Solution In Progress - Updated -

Environment

  • Apache NMS =< 1.6.1
  • JBoss A-MQ 6.1 and lower

Issue

According to ActiveMQ SSL Transport Reference a client can restrict the cipher suites to be used in an SSL handshake with the broker using the 'socket.XXX' transport option on the broker URL, such as in this example:

ssl://localhost:61616?socket.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

Is this option 'socket.enabledCipherSuites' also available in the Apache NMS client?

Resolution

The Apache NMS client does currently not support specifying 'socket.enabledCipherSuites' on the broker url. This has not been implemented so far.
There is currently no way to restrict the ciphers in the NMS client.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.