2016-04-26 18 views
0

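We have to remove SSLV3 support, so we changed the ActiveMQ configuration. We added a transportConnector and set enabledProtocol ='TLS1.1,TLS1.2', so it should support TLS1.1 or TLS1.2. But I don't understand how to specify the protocol when I create the connection. Now it gives me the error that SSLV2Hello is disabled. So my question is how to give the list of protocols when creating the connection. I tried it with SSLSocket, but couldn't get it to work. Can someone please give me a clue? Creating an ActiveMQ connection on TLS1.2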

String keyStorePath = "abc.ks"; 
String keyStorePassword = "XYZ"; 
String trustStore = "cks.ts";      
java.lang.System.setProperty("javax.net.ssl.keyStore", keyStorePath); 
java.lang.System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword); 
java.lang.System.setProperty("javax.net.ssl.trustStore", trustStore); 
// Java string literals need double quotes; "URL" stands for the broker address
String connectionURL = "URL?initialReconnectDelay=10&maxReconnectDelay=10&maxReconnectAttempts=2&jms.watchTopicAdvisories=false&wireFormat.maxInactivityDuration=3600000";

ConnectionFactory factory = new ActiveMQSslConnectionFactory(connectionURL); 
Connection connection = factory.createConnection(user, pwd); 
+0

Have you tried setting "https.protocols"? https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https – VirtualTroll

Answers

1

Finally, it worked for me.

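import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.MessageProducer;
import javax.jms.Session;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.activemq.ActiveMQSslConnectionFactory;
import org.apache.activemq.broker.SslContext;

String keyStorePassword = "123456";
String configPath = "C:\\ssl\\";
String keyStorePath = configPath + "client.ks";
KeyStore ks = KeyStore.getInstance("jks");
String trustStore = configPath + "trust.ts";
java.lang.System.setProperty("javax.net.ssl.trustStore", trustStore);
java.lang.System.setProperty("javax.net.ssl.trustStorePassword", keyStorePassword);

// Load the client keystore that holds the client certificate and key
InputStream ksIs = new FileInputStream(keyStorePath);
try {
    ks.load(ksIs, keyStorePassword.toCharArray());
} finally {
    if (ksIs != null) {
        ksIs.close();
    }
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, keyStorePassword.toCharArray());

// This trust manager accepts every certificate: the broker's certificate is
// not validated, and the javax.net.ssl.trustStore set above is not consulted
// by the SSLContext built below.
TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
        }

        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
        }

        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null array
            return new java.security.cert.X509Certificate[0];
        }
    }
};

// Build a TLSv1.2 context and hand it to ActiveMQ before connecting
final SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
ConnectionFactory factory = new ActiveMQSslConnectionFactory(URL);
sslContext.init(kmf.getKeyManagers(), trustAllCerts, new SecureRandom());
SslContext context = new SslContext();
context.setSSLContext(sslContext);
SslContext.setCurrentSslContext(context);
Connection connection = factory.createConnection(loginName, pwd);
connection.start();
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
MessageProducer nonPersistentProducer = session.createProducer(null);
session.close();
connection.close();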
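
A variant of the setup above that keeps certificate validation, as an added example that is not part of the original answer: the accept-everything trust manager is replaced by a `TrustManagerFactory` loaded from the truststore, so the broker's certificate chain is checked against it. The class name, store paths, password, broker URL and credentials are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.jms.Connection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.activemq.ActiveMQSslConnectionFactory;
import org.apache.activemq.broker.SslContext;

public class Tls12Client { // hypothetical class name
    // Load a JKS store from disk; path and password are supplied by the caller.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // Build a TLSv1.2 context that presents the client key and validates
    // the broker certificate against the CAs in the truststore.
    static SSLContext buildContext(String ksPath, String tsPath, char[] pw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(ksPath, pw), pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(tsPath, pw));
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // null = default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values: store paths, password, broker URL and credentials.
        char[] pw = "changeit".toCharArray();
        SSLContext jsse = buildContext("C:\\ssl\\client.ks", "C:\\ssl\\trust.ts", pw);
        SslContext amq = new SslContext();
        amq.setSSLContext(jsse);
        SslContext.setCurrentSslContext(amq); // read by ActiveMQ's SSL transport when connecting
        ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory("ssl://broker.example:61617");
        // An untrusted broker certificate now surfaces as an exception instead of being accepted.
        Connection connection = factory.createConnection("user", "password");
        try {
            connection.start();
        } finally {
            connection.close();
        }
    }
}
```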