在 TLS1.2 上创建 ActiveMQ 连接
Create ActiveMQ Connection on TLS1.2
我们不得不删除 SSLV3 支持。所以我们更改了 activemq 配置。我们添加了 transportConnector 并设置了 enabledProtocol='TLS1.1,TLS1.2'。这样它应该支持 TLS1.1 或 TLS1.2
但是我不知道在创建连接时应该如何指定协议。
现在它给我错误 SSLV2Hello is disabled。
所以我的问题是我应该如何在创建连接时提供协议列表。
我尝试了 SSLSocket 但无法通过。
有人可以给我线索吗..
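// The question's original attempt. Only the JVM-wide javax.net.ssl.* system
// properties are set; nothing in this snippet selects a TLS protocol version,
// which is what the question asks about.
String keyStorePath = "abc.ks";
String keyStorePassword = "XYZ";
String trustStore = "cks.ts";
java.lang.System.setProperty("javax.net.ssl.keyStore", keyStorePath);
java.lang.System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
java.lang.System.setProperty("javax.net.ssl.trustStore", trustStore);
// A Java string literal needs double quotes (single quotes delimit a char).
// "URL" is the question's placeholder for the broker address.
String connectionURL = "URL?initialReconnectDelay=10&maxReconnectDelay=10&maxReconnectAttempts=2&jms.watchTopicAdvisories=false&wireFormat.maxInactivityDuration=3600000";
ConnectionFactory factory = new ActiveMQSslConnectionFactory(connectionURL);
// user and pwd are defined outside this snippet.
Connection connection = factory.createConnection(user, pwd);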
下面的代码最终对我有效。
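// NOTE(review): the password is hard-coded for the example only; read it from
// protected configuration rather than source code in a real deployment.
String keyStorePassword = "123456";
// Backslashes must be escaped inside a Java string literal.
String configPath = "C:\\ssl\\";
String keyStorePath = configPath + "client.ks";
String trustStore = configPath + "trust.ts";

// Kept from the original snippet for any other code in the JVM that relies on
// the default SSL context; the connection below uses the explicit context.
java.lang.System.setProperty("javax.net.ssl.trustStore", trustStore);
java.lang.System.setProperty("javax.net.ssl.trustStorePassword", keyStorePassword);

// Client key store: supplies the client certificate and key, if the broker asks for one.
KeyStore ks = KeyStore.getInstance("jks");
try (InputStream ksIs = new FileInputStream(keyStorePath)) {
    ks.load(ksIs, keyStorePassword.toCharArray());
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, keyStorePassword.toCharArray());

// Trust store: the broker certificate is validated against these entries.
// The original passed an X509TrustManager with empty check methods, which
// accepts any certificate and so removes server authentication from the TLS
// connection; trust managers built from the trust store keep it in place.
// Assumes trust.ts is a JKS file with the same password, as the
// trustStorePassword property above implies - confirm for your setup.
KeyStore ts = KeyStore.getInstance("jks");
try (InputStream tsIs = new FileInputStream(trustStore)) {
    ts.load(tsIs, keyStorePassword.toCharArray());
}
javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance(
        javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ts);

// Request a TLSv1.2 context explicitly; per the page this is what resolved the
// "SSLV2Hello is disabled" error.
final SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

// Hand the context to ActiveMQ before the connection is created.
SslContext context = new SslContext();
context.setSSLContext(sslContext);
SslContext.setCurrentSslContext(context);

// URL, loginName and pwd are defined outside this snippet.
ConnectionFactory factory = new ActiveMQSslConnectionFactory(URL);
Connection connection = factory.createConnection(loginName, pwd);
try {
    connection.start();
    Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
    try {
        MessageProducer nonPersistentProducer = session.createProducer(null);
    } finally {
        session.close();
    }
} finally {
    // Close the connection even if start() or session creation fails.
    connection.close();
}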
我们不得不删除 SSLV3 支持。所以我们更改了 activemq 配置。我们添加了 transportConnector 并设置了 enabledProtocol='TLS1.1,TLS1.2'。这样它应该支持 TLS1.1 或 TLS1.2 但是我不知道在创建连接时应该如何指定协议。 现在它给我错误 SSLV2Hello is disabled。 所以我的问题是我应该如何在创建连接时提供协议列表。 我尝试了 SSLSocket 但无法通过。 有人可以给我线索吗..
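// The question's original attempt. Only the JVM-wide javax.net.ssl.* system
// properties are set; nothing in this snippet selects a TLS protocol version,
// which is what the question asks about.
String keyStorePath = "abc.ks";
String keyStorePassword = "XYZ";
String trustStore = "cks.ts";
java.lang.System.setProperty("javax.net.ssl.keyStore", keyStorePath);
java.lang.System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
java.lang.System.setProperty("javax.net.ssl.trustStore", trustStore);
// A Java string literal needs double quotes (single quotes delimit a char).
// "URL" is the question's placeholder for the broker address.
String connectionURL = "URL?initialReconnectDelay=10&maxReconnectDelay=10&maxReconnectAttempts=2&jms.watchTopicAdvisories=false&wireFormat.maxInactivityDuration=3600000";
ConnectionFactory factory = new ActiveMQSslConnectionFactory(connectionURL);
// user and pwd are defined outside this snippet.
Connection connection = factory.createConnection(user, pwd);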
下面的代码最终对我有效。
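// NOTE(review): the password is hard-coded for the example only; read it from
// protected configuration rather than source code in a real deployment.
String keyStorePassword = "123456";
// Backslashes must be escaped inside a Java string literal.
String configPath = "C:\\ssl\\";
String keyStorePath = configPath + "client.ks";
String trustStore = configPath + "trust.ts";

// Kept from the original snippet for any other code in the JVM that relies on
// the default SSL context; the connection below uses the explicit context.
java.lang.System.setProperty("javax.net.ssl.trustStore", trustStore);
java.lang.System.setProperty("javax.net.ssl.trustStorePassword", keyStorePassword);

// Client key store: supplies the client certificate and key, if the broker asks for one.
KeyStore ks = KeyStore.getInstance("jks");
try (InputStream ksIs = new FileInputStream(keyStorePath)) {
    ks.load(ksIs, keyStorePassword.toCharArray());
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, keyStorePassword.toCharArray());

// Trust store: the broker certificate is validated against these entries.
// The original passed an X509TrustManager with empty check methods, which
// accepts any certificate and so removes server authentication from the TLS
// connection; trust managers built from the trust store keep it in place.
// Assumes trust.ts is a JKS file with the same password, as the
// trustStorePassword property above implies - confirm for your setup.
KeyStore ts = KeyStore.getInstance("jks");
try (InputStream tsIs = new FileInputStream(trustStore)) {
    ts.load(tsIs, keyStorePassword.toCharArray());
}
javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance(
        javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ts);

// Request a TLSv1.2 context explicitly; per the page this is what resolved the
// "SSLV2Hello is disabled" error.
final SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

// Hand the context to ActiveMQ before the connection is created.
SslContext context = new SslContext();
context.setSSLContext(sslContext);
SslContext.setCurrentSslContext(context);

// URL, loginName and pwd are defined outside this snippet.
ConnectionFactory factory = new ActiveMQSslConnectionFactory(URL);
Connection connection = factory.createConnection(loginName, pwd);
try {
    connection.start();
    Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
    try {
        MessageProducer nonPersistentProducer = session.createProducer(null);
    } finally {
        session.close();
    }
} finally {
    // Close the connection even if start() or session creation fails.
    connection.close();
}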