Uploaded image for project: 'ActiveMQ Classic'
  1. ActiveMQ Classic
  2. AMQ-7282

Stomp + SSL + NIO fails heartbeats that do not contain a NULL byte

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 5.15.9
    • None
    • STOMP
    • None

    Description

      Per the STOMP spec: 

      http://stomp.github.io/stomp-specification-1.2.html#Heart-beating

      if the sender has no real STOMP frame to send, it MUST send an end-of-line (EOL)

      http://stomp.github.io/stomp-specification-1.2.html#Augmented_BNF

      EOL = [CR] LF

      As such, our application, written in Go, sends "CR LF" when heart beating:

      _, err := c.conn.Write([]byte("\r\n")) 

      This has been working in production processing hundreds of messages per second since the end of last year.

      Recently the stomp transport connector was changed from "stomp+ssl" to "stomp+nio+ssl" and we began to receive EOF errors after sending a heartbeat in our application, and ActiveMQ began logging:

      2019-08-20 21:23:15,968 | WARN | Transport Connection to: tcp://172.20.101.127:55802 failed: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? | org.apache.activemq.broker.TransportConnection.Transport | ActiveMQ NIO Worker 662

      We verified that changing our heartbeat logic to include a NULL byte after the CR LF "fixed" this.

      The NIO connector should work without the NULL byte, since the spec says just EOL is required.

      Attachments

        Activity

          People

            Unassigned Unassigned
            borgstrom Borgstrom
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: