[英]Create ActiveMQ Connection on TLS1.2
We had to remove SSLV3 support. 我们必须删除SSLV3支持。 So we changed activemq configuration.
因此,我们更改了activemq配置。 we added transportConnector and set enabledProtocol='TLS1.1,TLS1.2'.
我们添加了transportConnector并设置enabledProtocol ='TLS1.1,TLS1.2'。 So that it should support on TLS1.1 or TLS1.2 But i am not getting how should i specify protocol when i am creating connection.
这样它就应该支持TLS1.1或TLS1.2,但是在创建连接时我没有得到应该如何指定协议的信息。 Now it is giving me error SSLV2Hello is disabled.
现在,它给我错误SSLV2Hello已禁用。 So my question is how should i give protocol list while creating connection.
所以我的问题是在创建连接时我应该如何给出协议列表。 I tried it SSLSocket but could not go through.
我尝试了SSLSocket,但无法通过。 Can somebody please give me clue..
有人可以给我提示吗..
String keyStorePath = "abc.ks";
String keyStorePassword = "XYZ";
String trustStore = "cks.ts";
java.lang.System.setProperty("javax.net.ssl.keyStore", keyStorePath);
java.lang.System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
java.lang.System.setProperty("javax.net.ssl.trustStore", trustStore);
String connectionURL = 'URL?initialReconnectDelay=10&maxReconnectDelay=10&maxReconnectAttempts=2&jms.watchTopicAdvisories=false&wireFormat.maxInactivityDuration=3600000';
ConnectionFactory factory = new ActiveMQSslConnectionFactory(connectionURL);
Connection connection = factory.createConnection(user, pwd);
Finally it worked for me. 终于对我有用。
String keyStorePassword = "123456";
String configPath = "C:\\ssl\\";
String keyStorePath = configPath + "client.ks";
KeyStore ks = KeyStore.getInstance("jks");
String trustStore = configPath + "trust.ts";
java.lang.System.setProperty("javax.net.ssl.trustStore", trustStore);
java.lang.System.setProperty("javax.net.ssl.trustStorePassword", keyStorePassword);
InputStream ksIs = new FileInputStream(keyStorePath);
try {
ks.load(ksIs, keyStorePassword.toCharArray());
} finally {
if (ksIs != null) {
ksIs.close();
}
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, keyStorePassword.toCharArray());
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}
};
final SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
ConnectionFactory factory = new ActiveMQSslConnectionFactory(URL);
sslContext.init(kmf.getKeyManagers(), trustAllCerts, new SecureRandom());
SslContext context = new SslContext();
context.setSSLContext(sslContext);
SslContext.setCurrentSslContext(context);
Connection connection = factory.createConnection(loginName, pwd);
connection.start();
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
MessageProducer nonPersistentProducer = session.createProducer(null);
session.close();
connection.close();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.