ActiveMQ run in FIPS mode
I am working with ActiveMQ 5.14; my SSL configuration is:
<sslContext>
<sslContext keyStore="file:${activemq.base}/conf/keystore/activemq/activemq.bcfks" keyStorePassword="password" keyStoreType="BCFKS"
trustStore="file:${activemq.base}/conf/keystore/activemq/cacerts.bcfks" trustStorePassword="password" trustStoreType="BCFKS" />
</sslContext>
Our JVM is configured to be in FIPS mode:
security.provider.4=com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider
security.provider.5=com.sun.net.ssl.internal.ssl.Provider CCJ
If FIPS mode is on, ActiveMQ fails to start with the error:
Error creating bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in class path resource [activemq.xml]: Invocation of init method failed; nested exception is java.io.IOException: Transport Connector could not be registered in JMX: java.io.IOException: FIPS mode: SecureRandom must be from provider CCJ | org.apache.activemq.xbean.XBeanBrokerFactory$1 | main
I tried to init the secureRandom using Spring SpEL:
secureRandom="#{T(java.security.SecureRandom).getInstance('DEFAULT','CCJ')}"
or
secureRandom="CCJ"
It didn't work!!! How can I force the secureRandom provider to be of type 'CCJ'?
Thanks,
The following configuration in activemq.xml worked for me while working with AMQ 5.15.0 together with CCJ:
<sslContext>
<sslContext
keyStore="file:${activemq.conf}/broker.ks"
keyStorePassword="123456"
keyStoreType="BCFKS"
trustStore="file:${activemq.conf}/broker.ts"
trustStorePassword="123456"
trustStoreType="BCFKS"
secureRandomAlgorithm="DEFAULT" />
</sslContext>
It also worked for me when I additionally added the XML attribute "provider" with the value of CCJ to the sslContext:
<sslContext>
<sslContext
keyStore="file:${activemq.conf}/broker.ks"
keyStorePassword="123456"
keyStoreType="BCFKS"
trustStore="file:${activemq.conf}/broker.ts"
trustStorePassword="123456"
trustStoreType="BCFKS"
secureRandomAlgorithm="DEFAULT"
provider="CCJ" />
</sslContext>
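
A stand-alone check for the setup discussed above, as an added example that is not part of the original question or answer and is not ActiveMQ or CCJ code. Run with the same JVM and java.security file as the broker, it lists the registered providers and reports whether the SecureRandom algorithm "DEFAULT" is served by provider "CCJ" (both names are taken from the posts; the class name is hypothetical).

```java
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

// Added diagnostic (hypothetical class name), not part of ActiveMQ or CCJ.
public class SecureRandomProviderCheck {

    // Returns true when `algorithm` is served as a SecureRandom by `providerName`.
    static boolean servedBy(String algorithm, String providerName) {
        try {
            SecureRandom sr = SecureRandom.getInstance(algorithm, providerName);
            return providerName.equals(sr.getProvider().getName());
        } catch (NoSuchProviderException e) {
            System.out.println("Provider not registered: " + providerName);
        } catch (NoSuchAlgorithmException e) {
            System.out.println(providerName + " has no SecureRandom named " + algorithm);
        }
        return false;
    }

    public static void main(String[] args) {
        // Defaults match the values used in the posts above.
        String algorithm = args.length > 0 ? args[0] : "DEFAULT";
        String provider = args.length > 1 ? args[1] : "CCJ";

        // List providers in preference order with the SecureRandom algorithms each offers.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            StringBuilder algs = new StringBuilder();
            for (Provider.Service s : providers[i].getServices()) {
                if ("SecureRandom".equals(s.getType())) {
                    algs.append(' ').append(s.getAlgorithm());
                }
            }
            System.out.println((i + 1) + ". " + providers[i].getName() + " SecureRandom:" + algs);
        }

        // What the JVM hands out when no algorithm or provider is named.
        SecureRandom dflt = new SecureRandom();
        System.out.println("new SecureRandom() -> " + dflt.getAlgorithm()
                + " from " + dflt.getProvider().getName());

        boolean ok = servedBy(algorithm, provider);
        System.out.println(algorithm + " from " + provider + ": " + (ok ? "OK" : "NOT AVAILABLE"));
        System.exit(ok ? 0 : 1);
    }
}
```

The exit status is 0 only when the named provider supplies the algorithm, so the check can gate a broker start script.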