If you use an invalid cipher suite in the parameter "transport.enabledCipherSuites" on an SSL transport connector, the broker will start with all ciphers enabled.
For example, use this transport connector:
<transportConnector name="ssl" uri="ssl://localhost:61717?needClientAuth=true&amp;transport.enabledCipherSuites=foobar"/>
This is an attempt to enable the ciphersuite "foobar". The broker starts, and in my environment I end up with 26 cipher suites enabled, 10 of which are generally considered weak.
Using the debugger I tracked this down to the method org.apache.activemq.util.IntrospectionSupport.setProperty. It uses reflection to invoke SSLServerSocket.setEnabledCipherSuites. That method throws an IllegalArgumentException if the specified ciphersuite is enabled. IntrospectionSupport.setProperty catches the exception and returns false.
I believe that this code should not be ignoring exceptions like this. This is a major security flaw: if a user is attempting to lock down ActiveMQ to a specific strong cipher suite, but makes a typo, the broker starts with the ability to use weaker cipher suites.
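
The failure mode in the report above, as a stand-alone Java example added here (it is not ActiveMQ's code): `setPropertyLenient` is a hypothetical stand-in for a reflective setter that swallows the exception, and `setCipherSuitesStrict` is a hypothetical fail-closed alternative that checks the requested names against `getSupportedCipherSuites()` before applying them.

```java
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class CipherSuiteFailClosed {

    // Hypothetical stand-in for the pattern in the report: the setter is invoked
    // reflectively and any failure is reduced to a boolean the caller may ignore.
    static boolean setPropertyLenient(SSLServerSocket socket, String setter, String[] value) {
        try {
            Method m = SSLServerSocket.class.getMethod(setter, String[].class);
            m.invoke(socket, (Object) value);
            return true;
        } catch (Exception e) { // InvocationTargetException wraps the IllegalArgumentException
            return false;       // socket keeps its default cipher suites
        }
    }

    // Hypothetical fail-closed variant: an unknown name aborts configuration.
    static void setCipherSuitesStrict(SSLServerSocket socket, String[] requested) {
        List<String> supported = Arrays.asList(socket.getSupportedCipherSuites());
        for (String suite : requested) {
            if (!supported.contains(suite)) {
                throw new IllegalArgumentException("Unsupported cipher suite: " + suite);
            }
        }
        socket.setEnabledCipherSuites(requested);
    }

    public static void main(String[] args) throws Exception {
        String[] requested = {"foobar"}; // the invalid value from the report
        // Unbound server socket: nothing listens on the network.
        try (SSLServerSocket socket = (SSLServerSocket) SSLContext.getDefault()
                .getServerSocketFactory().createServerSocket()) {
            int defaults = socket.getEnabledCipherSuites().length;
            boolean applied = setPropertyLenient(socket, "setEnabledCipherSuites", requested);
            System.out.println("lenient: applied=" + applied + ", enabled suites="
                    + socket.getEnabledCipherSuites().length + " (defaults=" + defaults + ")");
            try {
                setCipherSuitesStrict(socket, requested);
            } catch (IllegalArgumentException e) {
                System.out.println("strict: configuration rejected: " + e.getMessage());
            }
        }
    }
}
```

The number of default suites printed depends on the JVM and its security configuration.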