堆栈内存溢出
  简体   繁体   English

ActiveMQ 在 FIPS 模式下运行

[英]ActiveMQ run in FIPS mode

 原文  2017-09-17 15:28:14       java/ spring/ activemq/ bouncycastle/ fips

问题描述

I am workinf with ActiveMQ 5.14 my ssl configuration is:我正在使用 ActiveMQ 5.14 我的 ssl 配置是:

<sslContext>
        <sslContext keyStore="file:${activemq.base}/conf/keystore/activemq/activemq.bcfks" keyStorePassword="password" keyStoreType="BCFKS" 
              trustStore="file:${activemq.base}/conf/keystore/activemq/cacerts.bcfks" trustStorePassword="password" trustStoreType="BCFKS" />
    </sslContext>

our JVM is configured to be in FIPS mode:我们的 JVM 配置为处于 FIPS 模式:

security.provider.4=com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider
security.provider.5=com.sun.net.ssl.internal.ssl.Provider CCJ

if FIPS mode is on ActiveMQ failed to start with ERROR:如果 FIPS 模式在 ActiveMQ 上,则无法启动并显示错误:

Error creating bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in class path resource [activemq.xml]: Invocation of init method failed; nested exception is java.io.IOException: Transport Connector could not be registered in JMX: java.io.IOException: FIPS mode: SecureRandom must be from provider CCJ | org.apache.activemq.xbean.XBeanBrokerFactory$1 | main

I try to inti the secureRandom using Spring spel : secureRandom="#{T(java.security.SecureRandom).getInstance('DEFAULT','CCJ')}" -我尝试使用 Spring spel 来初始化 secureRandom: secureRandom="#{T(java.security.SecureRandom).getInstance('DEFAULT','CCJ')}" -

or

secureRandom="CCJ"

it didn't work!!!它没有用!!! How can I force the secureRandom provider to be from type 'CCJ'如何强制 secureRandom 提供程序来自“CCJ”类型

Thanks,谢谢,

1 个解决方案

解决方案1
 0  2020-07-05 08:53:44

The following configuration in activemq.xml worked for me while working with AMQ 5.15.0 together with CCJ:在使用 AMQ 5.15.0 和 CCJ 时,activemq.xml 中的以下配置对我有用:

<sslContext>
   <sslContext 
        keyStore="file:${activemq.conf}/broker.ks" 
        keyStorePassword="123456" 
        keyStoreType="BCFKS" 
        trustStore="file:${activemq.conf}/broker.ts" 
        trustStorePassword="123456" 
        trustStoreType="BCFKS" 
        secureRandomAlgorithm="DEFAULT" />
</sslContext>

It also worked for me when I additionally added the XML attribute "provider" with the value of CCJ to the sslContext:当我另外将带有 CCJ 值的 XML 属性“provider”添加到 sslContext 时,它也对我有用:

<sslContext>
   <sslContext 
        keyStore="file:${activemq.conf}/broker.ks" 
        keyStorePassword="123456" 
        keyStoreType="BCFKS" 
        trustStore="file:${activemq.conf}/broker.ts" 
        trustStorePassword="123456" 
        trustStoreType="BCFKS" 
        secureRandomAlgorithm="DEFAULT" 
        **provider="CCJ"**/>
</sslContext>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何构建符合fips的sqlcipher来调用FIPS_mode_set(1) - How to build fips compliant sqlcipher to call FIPS_mode_set(1) 使用 FIPS 在 Windows 机器上运行 JPackage - Run JPackage on a Windows Machine with FIPS 如何设置Oracle JDK支持FIPS模式 - How to set Oracle JDK support FIPS mode 在 FIPS 模式下禁用 HTTPS 证书验证 - Disable HTTPS Certificate Validation in FIPS mode 在MULE ESB中启用FIPS 140-2符合性模式 - Enabling FIPS 140-2 compliance mode in MULE ESB PKCS#12 KeyStore 格式的 Bouncy Castle FIPS 模式 - Bouncy Castle FIPS mode for PKCS#12 KeyStore Format 尝试在Java中使用带有NSS的SunPKCS11启用FIPS模式 - trying to enable FIPS mode using SunPKCS11 with NSS in Java KeyManagementException:FIPS 模式:只能使用 SunJSSE TrustManagers - KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used "无法使用 Bouncy Castle Fips Provider 连接到 sqlserver,用于在 FIPS mod 中运行 JSSE" - Can not connect to sqlserver with Bouncy Castle Fips Provider using to run the JSSE in FIPS mod 如何使用ant运行activemq - how to run activemq using ant
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM