?
Solved

Alternatives to OpenSSL for ActiveMQ

Posted on 2014-04-13
9
Medium Priority
?
440 Views
Last Modified: 2014-04-15
Can we use another SSL package other than OpenSSL.  

If so, is OpenSSL the default
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 62

Accepted Solution

by:
gheist earned 2000 total points
ID: 39998711
OpenSSL is not used by java application servers.
Please detail on what server software concerns you... (Press request attention and use form there so that moderators can re-shuffle topic areas)
If you are worried about heartbleed - just upgrade, confirm that vuln is addressed  and regenerate your ssl keys (your CA knows and will help)
0
 
LVL 62

Expert Comment

by:gheist
ID: 39999568
ActiveMQ uses jetty servlet engine, which, unlike tomcat has no chance of loading openssl libraries ever (and even on tomcat loading native SSL library is something between rocket science and eating swords)
0
 

Author Comment

by:Anthony Lucia
ID: 39999773
That seems good.

Where does ActiveMQ get their SSL from, what package
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 

Author Comment

by:Anthony Lucia
ID: 39999784
This page:

https://activemq.apache.org/cms/openssl-support.html

seems to suggest you can use Openssl

Is Openssl an optional package ?
0
 
LVL 62

Expert Comment

by:gheist
ID: 39999923
JCE/JCA (the toolkit included in java)
If it is too slow you can try bouncycastle ssl (one that android uses) before jumping on native openssl but otherwise you are safe if you patched java in last 2 montsh for non-crypto issues.

OpenSSL is used by 2/3 of all websites in the world. Now it is safe, you can install CPP module after you patch OpenSSL to speed up encryption (though bouncycastle may be faster in some settings, or at least cleaner by not calling JNI)
run "openssl version" - if it says anything else than 1.0.1 you might have happily jumped past the problems.

OpenSSL is not used by java, there is optional library that enables your java server to use it. As much as java is concerned presence of openssl or any other native SSL toolkit (like NSS or gnutls, which had their drop dead bugs in recent months, but no publicity because they are not used by high profile sites ever) is irrelevant.

e.g OpenSSH is omnipresent in UNIX etc, it uses openssl, but in mode that does not pass the code path of vulnerable extension.

What system you run your java on?
0
 

Author Comment

by:Anthony Lucia
ID: 40000354
Trying to run ActiveMQ on Linux.

What version of SSL will that configuration use

and why does this page say that OpenSSL is an option

https://activemq.apache.org/cms/openssl-support.html

Thanks
0
 
LVL 62

Expert Comment

by:gheist
ID: 40000478
Because it is an option, not a standard feature....

cat /proc/PID/maps

and see yourself if libcrypto.so.* is loaded or not.
0
 

Author Comment

by:Anthony Lucia
ID: 40001531
I did the following

root@clnt1 apache-activemq-5.9.0]# ls
activemq-all-5.9.0.jar  data      lib      README.txt  webapps-demo
bin                     docs      LICENSE  tmp
conf                    examples  NOTICE   webapps
[root@clnt1 apache-activemq-5.9.0]#
[root@clnt1 apache-activemq-5.9.0]#
[root@clnt1 apache-activemq-5.9.0]# cat /proc/PID/maps
cat: /proc/PID/maps: No such file or directory
[root@clnt1 apache-activemq-5.9.0]#

Open in new window



What is the default SSL on ActiveMQ ?
Thanks
0
 
LVL 62

Expert Comment

by:gheist
ID: 40002290
PID should be numeric process ID of your application server.
What openssl version is installed on your system?

Please refer to first word in previous answer
0

Featured Post

Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configure Web Service (server application) I. Configure security for Web Services methods First, we need to protect Session bean which implements the service: 1. Open EJB deployment descriptor (ejb-jar.xml) in the EJB project that contains you…
Upgrading Tomcat – There are a couple of methods to upgrade Tomcat is to use The Apache Installer is to download and unzip and run the services.bat remove|install Tomcat6 Because of the App that we are working with, we can only use Tomcat 6.…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses
Course of the Month9 days, 9 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question