Anthony Lucia
asked on
Alternatives to OpenSSL for ActiveMQ
Can we use another SSL package other than OpenSSL?
If so, is OpenSSL the default?
ActiveMQ uses the Jetty servlet engine, which, unlike Tomcat, has no chance of loading OpenSSL libraries ever (and even on Tomcat, loading a native SSL library is something between rocket science and eating swords).
ASKER
That seems good.
Where does ActiveMQ get their SSL from, what package?
ASKER
This page:
https://activemq.apache.org/cms/openssl-support.html
seems to suggest you can use OpenSSL.
Is OpenSSL an optional package?
JCE/JCA (the toolkit included in Java)
If it is too slow you can try Bouncy Castle SSL (the one that Android uses) before jumping on native OpenSSL, but otherwise you are safe if you patched Java in the last 2 months for non-crypto issues.
OpenSSL is used by 2/3 of all websites in the world. Now it is safe; you can install the CPP module after you patch OpenSSL to speed up encryption (though Bouncy Castle may be faster in some settings, or at least cleaner by not calling JNI).
Run "openssl version" - if it says anything other than 1.0.1 you might have happily jumped past the problems.
OpenSSL is not used by Java; there is an optional library that enables your Java server to use it. As far as Java is concerned, the presence of OpenSSL or any other native SSL toolkit (like NSS or GnuTLS, which had their drop-dead bugs in recent months, but no publicity because they are not used by high-profile sites ever) is irrelevant.
E.g. OpenSSH is omnipresent in UNIX etc.; it uses OpenSSL, but in a mode that does not pass the code path of the vulnerable extension.
What system do you run your Java on?
ASKER
Trying to run ActiveMQ on Linux.
What version of SSL will that configuration use,
and why does this page say that OpenSSL is an option?
https://activemq.apache.org/cms/openssl-support.html
Thanks
Because it is an option, not a standard feature....
cat /proc/PID/maps
and see for yourself if libcrypto.so.* is loaded or not.
ASKER
I did the following
[root@clnt1 apache-activemq-5.9.0]# ls
activemq-all-5.9.0.jar data lib README.txt webapps-demo
bin docs LICENSE tmp
conf examples NOTICE webapps
[root@clnt1 apache-activemq-5.9.0]#
[root@clnt1 apache-activemq-5.9.0]#
[root@clnt1 apache-activemq-5.9.0]# cat /proc/PID/maps
cat: /proc/PID/maps: No such file or directory
[root@clnt1 apache-activemq-5.9.0]#
What is the default SSL on ActiveMQ?
Thanks
PID should be the numeric process ID of your application server.
What openssl version is installed on your system?
Please refer to the first word in the previous answer.
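The /proc/PID/maps check suggested above, as an added example that is not part of the original thread: a script that takes the numeric PID(s) of the Java process and lists any native TLS library mapped into it. The function names, the script name and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list native TLS libraries mapped
# into a process, using the /proc/<pid>/maps check described above.

# Print distinct paths of native TLS/crypto libraries in a maps-format file.
# The mapped file path is the 6th whitespace-separated field of each line.
native_tls_libs() {
    awk '$6 ~ /\/(libcrypto|libssl|libgnutls|libnss3)\.so/ { print $6 }' "$1" | sort -u
}

# Check one numeric PID. Returns 0 if a native TLS library is mapped,
# 1 if none is, 2 if the maps file cannot be read.
check_pid() {
    maps="/proc/$1/maps"
    if [ ! -r "$maps" ]; then
        echo "cannot read $maps (not a running PID, or insufficient rights)" >&2
        return 2
    fi
    libs=$(native_tls_libs "$maps")
    if [ -n "$libs" ]; then
        echo "PID $1 has native TLS libraries mapped:"
        echo "$libs"
        return 0
    fi
    echo "PID $1: no native TLS library mapped"
    return 1
}

# Constructed sample in /proc/<pid>/maps format (not from a real system).
sample_maps() {
    cat <<'EOF'
7f2a10000000-7f2a10a21000 r-xp 00000000 08:01 131 /usr/lib/jvm/jre/lib/amd64/server/libjvm.so
7f2a20000000-7f2a201c0000 r-xp 00000000 08:01 212 /usr/lib64/libcrypto.so.1.0.1e
7f2a201c0000-7f2a203bf000 ---p 001c0000 08:01 212 /usr/lib64/libcrypto.so.1.0.1e
7f2a30000000-7f2a30060000 r-xp 00000000 08:01 213 /usr/lib64/libssl.so.1.0.1e
7f2a40000000-7f2a40021000 rw-p 00000000 00:00 0
EOF
}

# Usage: sh check_tls_libs.sh <pid>...   (PIDs e.g. from: pgrep -f activemq)
for pid in "$@"; do
    check_pid "$pid" || true
done
```

A library that shows up here is one to keep patched along with the JVM; the version in the mapped file name is what to compare against the output of "openssl version".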