[DISPATCH-1028] requireSsl:true not working for http listeners - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

With the following router config, a client will be rejected even if it is connecting using TLS. The wireshark trace indicates that the TLS handshake completes successfully, but the router closes the connection and prints in the log 'amqp:connection:policy-error Client connection unencrypted - forbidden'.

If i set requireSsl: false , the client is able to connect both with and without TLS.


router {
mode: standalone
id: Router.A
}

sslProfile {
name: ssl_details
certFile: /etc/qpid-dispatch/tls.crt
privateKeyFile: /etc/qpid-dispatch/tls.key
}

listener {
host: 127.0.0.1
port: 8443
http: true
sslProfile: ssl_details
requireSsl: true
}

address {
prefix: q1
}

Example client:

sudo npm install -g cli-rhea
cli-rhea-sender --broker 127.0.0.1:8443 --address q1 --count 1 --conn-web-socket true --conn-ws-protocols binary --log-lib TRANSPORT_FRM

Attachments

Issue Links

is caused by

DISPATCH-1040 websocket listener doesn't work with requireSsl, requireEncryption or EXTERNAL mechanism

Open

is related to

DISPATCH-347 Negative SASL outome when "requireEncryption" isn't satisfied

Open

Activity

People

Assignee:: Unassigned

Reporter:: Ulf Lilleengen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 11/Jun/18 14:38

Updated:: 02/Apr/21 10:31