  1. AMQ Documentation
  2. AMQDOC-3368

Highlight that the acceptor TLS protocol changes after the upgrade


Details

    • Task
    • Resolution: Done
    • Critical
    • None
    • None
    • None

    Description

      The default acceptor TLS protocol is the JVM's default, which changes with the JVM. In Java 8 it's TLS1.2 and since Java 11 it's TLS1.3. This means that versions of the same broker will only change behaviour when running on a different, even supported, JVM version.

      There is only one line about this, in the `enabledProtocols` configuration option, which controls the TLS protocol version, but only for standalone [1], nothing for OpenShift. So far it is not possible to specify TLS1.3, but the fix is on the way [2].

      Also, `enabledProtocols` is quite ambiguous as it seems to refer to the messaging protocol and not the TLS version.

      Available cipher suites are affected in the same way (`enabledCipherSuites`).

      [1]
      https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11/html-single/configuring_amq_broker/index#ref-br-tls-configuration-options_configuring

      [2]
      rhn-support-rkieley is working on the related upstream ticket https://github.com/artemiscloud/activemq-artemis-operator/issues/722
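
A pre-upgrade check for the behaviour described above, as an added example that is not part of the ticket or of the product: it lists the TLS acceptors in a `broker.xml` that leave `enabledProtocols` or `enabledCipherSuites` to the JVM default. It assumes acceptors are `<acceptor>` elements whose URI enables TLS with `sslEnabled=true`; the sample XML, acceptor names, ports and paths are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample broker.xml fragment (names, ports and paths are made up).
SAMPLE_BROKER_XML = """\
<configuration xmlns="urn:activemq">
  <core xmlns="urn:activemq:core">
    <acceptors>
      <acceptor name="plain">tcp://0.0.0.0:61616?protocols=CORE</acceptor>
      <acceptor name="tls-default">tcp://0.0.0.0:61617?sslEnabled=true;keyStorePath=/etc/broker/ks.jks</acceptor>
      <acceptor name="tls-pinned">tcp://0.0.0.0:61618?sslEnabled=true;keyStorePath=/etc/broker/ks.jks;enabledProtocols=TLSv1.2;enabledCipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</acceptor>
      <acceptor name="tls-half">tcp://0.0.0.0:61619?sslEnabled=true;enabledProtocols=TLSv1.2</acceptor>
    </acceptors>
  </core>
</configuration>
"""

# Settings the ticket says fall back to the JVM default when not set.
TLS_SETTINGS = ("enabledProtocols", "enabledCipherSuites")


def acceptor_params(uri):
    """Return the parameters of an acceptor URI as a dict (exact-case keys)."""
    _, _, query = uri.partition("?")
    params = {}
    for pair in re.split(r"[;&]", query):
        key, sep, value = pair.partition("=")
        if sep:
            params[key.strip()] = value.strip()
    return params


def audit_acceptors(broker_xml):
    """Map each TLS acceptor name to the settings it leaves to the JVM default."""
    findings = {}
    for elem in ET.fromstring(broker_xml).iter():
        if elem.tag.rsplit("}", 1)[-1] != "acceptor":  # ignore XML namespace
            continue
        params = acceptor_params((elem.text or "").strip())
        if params.get("sslEnabled", "false").lower() != "true":
            continue  # not a TLS acceptor, nothing to pin
        findings[elem.get("name")] = [s for s in TLS_SETTINGS if not params.get(s)]
    return findings


if __name__ == "__main__":
    for name, unpinned in audit_acceptors(SAMPLE_BROKER_XML).items():
        print(name, "->", ", ".join(unpinned) or "pinned")
```

Any acceptor reported with an unpinned setting is one whose negotiated TLS version or cipher suites can change when the same broker is moved to a different JVM.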


          People

            jcliffor@redhat.com John Clifford
            rhn-support-agagliar Antonio Gagliardi