![](/img/trans.png)
[英]How to build fips compliant sqlcipher to call FIPS_mode_set(1)
[英]ActiveMQ run in FIPS mode
我正在使用 ActiveMQ 5.14 我的 ssl 配置是:
<sslContext>
<sslContext keyStore="file:${activemq.base}/conf/keystore/activemq/activemq.bcfks" keyStorePassword="password" keyStoreType="BCFKS"
trustStore="file:${activemq.base}/conf/keystore/activemq/cacerts.bcfks" trustStorePassword="password" trustStoreType="BCFKS" />
</sslContext>
我们的 JVM 配置为处于 FIPS 模式:
security.provider.4=com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider
security.provider.5=com.sun.net.ssl.internal.ssl.Provider CCJ
如果 FIPS 模式在 ActiveMQ 上,则无法启动并显示错误:
Error creating bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in class path resource [activemq.xml]: Invocation of init method failed; nested exception is java.io.IOException: Transport Connector could not be registered in JMX: java.io.IOException: FIPS mode: SecureRandom must be from provider CCJ | org.apache.activemq.xbean.XBeanBrokerFactory$1 | main
我尝试使用 Spring spel 来初始化 secureRandom: secureRandom="#{T(java.security.SecureRandom).getInstance('DEFAULT','CCJ')}" -
或
secureRandom="CCJ"
它没有用!!! 如何强制 secureRandom 提供程序来自“CCJ”类型
谢谢,
在使用 AMQ 5.15.0 和 CCJ 时,activemq.xml 中的以下配置对我有用:
<sslContext>
<sslContext
keyStore="file:${activemq.conf}/broker.ks"
keyStorePassword="123456"
keyStoreType="BCFKS"
trustStore="file:${activemq.conf}/broker.ts"
trustStorePassword="123456"
trustStoreType="BCFKS"
secureRandomAlgorithm="DEFAULT" />
</sslContext>
当我另外将带有 CCJ 值的 XML 属性“provider”添加到 sslContext 时,它也对我有用:
<sslContext>
<sslContext
keyStore="file:${activemq.conf}/broker.ks"
keyStorePassword="123456"
keyStoreType="BCFKS"
trustStore="file:${activemq.conf}/broker.ts"
trustStorePassword="123456"
trustStoreType="BCFKS"
secureRandomAlgorithm="DEFAULT"
**provider="CCJ"**/>
</sslContext>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.