Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
Red Hat Enterprise MRG 1.2
Description
We are running a C++ broker as deamon with the following configuration:
log-enable=info+
log-to-file=/var/lib/qpidd/op_prod09/data/0097/qpidd.log
log-to-syslog=no
auth=yes
acl-file=qpidd.acl
realm=QPID0097
data-dir=/var/lib/qpidd/op_prod09/data/0097
pid-dir=/var/lib/qpidd/op_prod09/data/0097
port=20097
wait=30
num-jfiles=4
jfile-size-pgs=1
wcache-page-size=128
tpl-num-jfiles=4
tpl-jfile-size-pgs=1
tpl-wcache-page-size=128
ssl-cert-db=/var/lib/qpidd/op_prod09/data/0097
ssl-port=10097
ssl-cert-name=RGC001
ssl-cert-password-file=/var/lib/qpidd/op_prod09/data/0097/amq_cert_db.pwd
ssl-require-client-authentication=yes
cluster-name=QPID0097
cluster-url=amqp:tcp:172.16.45.198:20097
cluster-username=xxxxx
cluster-password=xxxxx
We tried to connect an application to the SSL port which does not "talk" the correct protocol. We simply used telnet:
$ telnet 172.16.45.198 10097
The result was (we waited at least 30 min, then killed the process running telnet):
The broker doesn't react anymore, no more new client connections can be established, the broker even cannot be stopped with "qpidd -p 20097 -q".
This way anybody in the world could easily block our service provided over a Qpid broker.
Is there a way to get around this?
This issue has also been reported as Red Hat service request no. 2014266.