Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-10491

Adding property to exclude any ssl protocol version for JMX

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: jboss-fuse-6.3
    • Fix Version/s: jboss-fuse-6.3, fuse-7.4-GA
    • Component/s: Karaf
    • Labels:
      None
    • Sprint:
      Fuse 7.4 Sprint 45 - Dev #1

      Description

      I'm trying to enable SSL for JMX, I cannot find a way to restrict the protocol version to only accept TLSv1.2 connections.

      I have set 'secureProtocol = TLSv1.2' in org.apache.karaf.management.cfg, but when running the command 'openssl s_client -connect myHost:myPort -tls1_1' (where myHost and myPort are replaced by the appropriate hosts/ports) I noticed that the RMI server port is still accepting TLSv1 and TLSv1.1 connections.

      We can exclude the secureProtocols using ExcludeProtocols in the jetty.xml, We don't have this option for JMX,

      We can introduce another property like "EnabledProtocals" in org.apache.karaf.management.cfg method to achieve it,

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                ffang Freeman(Yue) Fang
                Reporter:
                chardahe Chandrakant Hardahe
                Tester:
                Vratislav Hais
              • Votes:
                1 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: