Uploaded image for project: 'Qpid Dispatch'
  1. Qpid Dispatch
  2. DISPATCH-1028

requireSsl:true not working for http listeners

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      With the following router config, a client will be rejected even if it is connecting using TLS. The wireshark trace indicates that the TLS handshake completes successfully, but the router closes the connection and prints in the log 'amqp:connection:policy-error Client connection unencrypted - forbidden'.

       

      If i set requireSsl: false , the client is able to connect both with and without TLS.

       

      
      router {
      mode: standalone
      id: Router.A
      }
      
      sslProfile {
      name: ssl_details
      certFile: /etc/qpid-dispatch/tls.crt
      privateKeyFile: /etc/qpid-dispatch/tls.key
      }
      
      listener {
      host: 127.0.0.1
      port: 8443
      http: true
      sslProfile: ssl_details
      requireSsl: true
      }
      
      address {
      prefix: q1
      }
      

       

      Example client:

      sudo npm install -g cli-rhea
      cli-rhea-sender --broker 127.0.0.1:8443 --address q1 --count 1 --conn-web-socket true --conn-ws-protocols binary --log-lib TRANSPORT_FRM

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              lulf Ulf Lilleengen
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: