HTTP management ports configured with 'HTTP' protocol and 'SSL' transport options will silently fail to use SSL at all.
Since the changes made in the 0.21/0.22 development cycle for
QPID-4390 and related JIRAs to enable management of the broker entirely through the HTTP management interfaces, it has become possible to configure HTTP management ports in a way that suggests SSL is in use when it is in fact not.
Remove the HTTPS protocol option leaving only HTTP, and making all ports consistent in using the SSL transport value to indicate their use of SSL.
When the HTTP management plugin was added previously, it advertised HTTPS and HTTP as different protocol options, despite us using the transport option (TCP or SSL) alone to signal use of SSL for all other protocol types (AMQP and JMX/RMI). The influence over whether SSL was used for the port or not was simply a boolean in the brokers XML configuration file to indicate HTTPS. With the configuration model changes from
QPID-4390 etc, ports now have a more specific configuration that is dependent on both the specified protocols and transports to determine what to do but the HTTP management plugin is still only using HTTPS protocol value to indicate that it should use SSL and is ignoring the SSL transport value, however the REST interface and management UI allow this configuration and do not make it in any way clear that SSL is in fact not being used.