Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-7282

Stomp + SSL + NIO fails heartbeats that do not contain a NULL byte

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 5.15.9
    • Fix Version/s: None
    • Component/s: STOMP
    • Labels:
      None

      Description

      Per the STOMP spec: 

      http://stomp.github.io/stomp-specification-1.2.html#Heart-beating

      if the sender has no real STOMP frame to send, it MUST send an end-of-line (EOL)

      http://stomp.github.io/stomp-specification-1.2.html#Augmented_BNF

      EOL = [CR] LF

      As such, our application, written in Go, sends "CR LF" when heart beating:

      _, err := c.conn.Write([]byte("\r\n")) 

      This has been working in production processing hundreds of messages per second since the end of last year.

      Recently the stomp transport connector was changed from "stomp+ssl" to "stomp+nio+ssl" and we began to receive EOF errors after sending a heartbeat in our application, and ActiveMQ began logging:

      2019-08-20 21:23:15,968 | WARN | Transport Connection to: tcp://172.20.101.127:55802 failed: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? | org.apache.activemq.broker.TransportConnection.Transport | ActiveMQ NIO Worker 662

      We verified that changing our heartbeat logic to include a NULL byte after the CR LF "fixed" this.

      The NIO connector should work without the NULL byte, since the spec says just EOL is required.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              borgstrom Borgstrom
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: