When using the AMQP SSL transport the currentTransportCount (variable that tracks connection count in TcpTransportServer.java) can "leak" when the SSL connection is aborted during handshake. In this case the TcpTransportServer class the currentTransportCount is incremented in handleSocket but never decremented in stopped. This eventually leads to ExceededMaximumConnectionsException being thrown from handleSocket. The SSL connection is aborted during handshake if needClientAuth is configured on the transport and a client with an invalid certificate tries to connect.
1. Enable the AMQP SSL transport: <transportConnector name="amqp+ssl" uri="amqp+ssl://0.0.0.0:5671?needClientAuth=true&maximumConnections=10"/>
2. Try to connect with no/invalid client certificate: openssl s_client -connect localhost:5671
3. After 10 attempts ActiveMQ logs will start showing ExceededMaximumConnectionsException exceptions.
During the SSL handshake phase the protocol converter in the AMQP transport is set to the AMQPProtocolDiscriminator which silently swallows exceptions:
Which in turn cause the normal stop sequence (via asyncStop) to be skipped.
Change the AMQPProtocolDiscriminator to handle the error instead of swallow it: