
ActiveMQ run in FIPS mode

I am working with ActiveMQ 5.14. My SSL configuration is:

<sslContext>
    <sslContext keyStore="file:${activemq.base}/conf/keystore/activemq/activemq.bcfks" keyStorePassword="password" keyStoreType="BCFKS"
                trustStore="file:${activemq.base}/conf/keystore/activemq/cacerts.bcfks" trustStorePassword="password" trustStoreType="BCFKS" />
</sslContext>

Our JVM is configured to be in FIPS mode:

security.provider.4=com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider
security.provider.5=com.sun.net.ssl.internal.ssl.Provider CCJ

If FIPS mode is on, ActiveMQ fails to start with this error:

Error creating bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in class path resource [activemq.xml]: Invocation of init method failed; nested exception is java.io.IOException: Transport Connector could not be registered in JMX: java.io.IOException: FIPS mode: SecureRandom must be from provider CCJ | org.apache.activemq.xbean.XBeanBrokerFactory$1 | main

I tried to init the secureRandom using Spring SpEL: secureRandom="#{T(java.security.SecureRandom).getInstance('DEFAULT','CCJ')}"

or

secureRandom="CCJ"

It didn't work! How can I force the secureRandom provider to be of type 'CCJ'?

Thanks,

The following configuration in activemq.xml worked for me while working with AMQ 5.15.0 together with CCJ:

<sslContext>
   <sslContext 
        keyStore="file:${activemq.conf}/broker.ks" 
        keyStorePassword="123456" 
        keyStoreType="BCFKS" 
        trustStore="file:${activemq.conf}/broker.ts" 
        trustStorePassword="123456" 
        trustStoreType="BCFKS" 
        secureRandomAlgorithm="DEFAULT" />
</sslContext>

It also worked for me when I additionally added the XML attribute "provider" with the value of CCJ to the sslContext:

<sslContext>
   <sslContext 
        keyStore="file:${activemq.conf}/broker.ks" 
        keyStorePassword="123456" 
        keyStoreType="BCFKS" 
        trustStore="file:${activemq.conf}/broker.ts" 
        trustStorePassword="123456" 
        trustStoreType="BCFKS" 
        secureRandomAlgorithm="DEFAULT" 
        provider="CCJ" />
</sslContext>
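
A diagnostic related to the error quoted in the question, added here as an example and not part of the original question or answer: it lists every SecureRandom service the JVM has installed and reports which provider a given algorithm name resolves to. The class name SecureRandomProviderCheck is hypothetical; the defaults DEFAULT and CCJ are the values used on this page.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

public class SecureRandomProviderCheck {

    /** Provider name that SecureRandom.getInstance(algorithm) resolves to, or null if none offers it. */
    static String resolvingProvider(String algorithm) {
        try {
            return SecureRandom.getInstance(algorithm).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Defaults are the values that appear on this page; override on the command line.
        String algorithm = args.length > 0 ? args[0] : "DEFAULT";
        String required = args.length > 1 ? args[1] : "CCJ";

        // List every SecureRandom service, in the provider preference order of java.security.
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SecureRandom".equals(s.getType())) {
                    System.out.printf("%-12s SecureRandom.%s%n", p.getName(), s.getAlgorithm());
                }
            }
        }

        // What a plain "new SecureRandom()" would use in this JVM.
        SecureRandom dflt = new SecureRandom();
        System.out.printf("new SecureRandom() -> %s from %s%n",
                dflt.getAlgorithm(), dflt.getProvider().getName());

        String actual = resolvingProvider(algorithm);
        if (actual == null) {
            System.out.printf("FAIL: no installed provider offers SecureRandom.%s%n", algorithm);
            System.exit(2);
        } else if (!actual.equals(required)) {
            System.out.printf("FAIL: SecureRandom.%s resolves to %s, not %s%n", algorithm, actual, required);
            System.exit(1);
        }
        System.out.printf("OK: SecureRandom.%s resolves to %s%n", algorithm, actual);
    }
}
```

Run it with the same JVM, java.security file and classpath as the broker, otherwise the provider list will not match what ActiveMQ sees.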
