Wildfly 26 ActiveMQ connection not established with SSL enabled


Sayantan Ganguly

Jul 11, 2024, 7:17:52 AM
to WildFly
Hello All,

After migrating to Wildfly 26 and elytron based security framework, there is a problem with the ActiveMQ underlying netty connection to be established with SSL enabled. 

It was working with Wildfly 24 earlier. The connector configuration looks like this: (with ssl-enabled set to false it works fine and is able to send and receive messages)

                <remote-connector name="ssl-remoting-connector" socket-binding="ssl-messaging">
                    <param name="ssl-enabled" value="true"/>
                    <param name="trust-store-password" value="<password>"/>
                    <param name="trust-store-path" value="<trust-store-path>"/>
                    <param name="trust-store-type" value="PKCS12"/>
                </remote-connector>

I am using a test client to validate, and getting an error:

 org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector createConnection
ERROR: AMQ214016: Failed to create netty connection
io.netty.handler.ssl.SslHandshakeTimeoutException: handshake timed out after 10000ms
at io.netty.handler.ssl.SslHandler$7.run(SslHandler.java:2115)
at io.netty.util.concurrent.PromiseTask.runTask(PromiseTask.java:98)
at io.netty.util.concurrent.ScheduledFutureTask.run(ScheduledFutureTask.java:153)
at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174)
at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167)
at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:394)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118)


javax.ejb.EJBException: javax.jms.JMSException: Failed to create session factory

Client code looks like this:

javax.jms.Connection connection = javax.jms.ConnectionFactory.createConnection(username, password);

Thanks,
Sayantan

Emmanuel Hugonnet

Jul 11, 2024, 9:09:05 AM
to wil...@googlegroups.com
Is  trust-store-path a path on the client ?
Emmanuel

Sayantan Ganguly

Jul 11, 2024, 9:15:53 AM
to Emmanuel Hugonnet, WildFly
No, trust-store-path is a path on the Wildfly Server.


Emmanuel Hugonnet

Jul 11, 2024, 9:20:21 AM
to Sayantan Ganguly, WildFly
It won't work then, the connector is the client configuration so you need to have the path matching the one on the client.
Emmanuel

On 11/07/2024 at 15:15, Sayantan Ganguly wrote:
> No, trust-store-path is a path on the Wildfly Server.
>
> On Thu, 11 Jul 2024, 18:39 Emmanuel Hugonnet, <ehug...@redhat.com> wrote:
>
> Is trust-store-path a path on the client ?
> Emmanuel
> On 11/07/2024 at 13:17, Sayantan Ganguly wrote:
> >                   <param name="trust-store-password" value="<password>"/>
> >                     <param name="trust-store-path" value="<trust-store-path>"/>
>

Sayantan Ganguly

Jul 12, 2024, 7:48:14 AM
to WildFly
Hello Emmanuel,

I re-configured the connector and acceptor. In my case the client is created in a JUnit Runner (keystore and truststore are set) and I am starting the Wildfly server using the cargo plugin, so the .p12 file paths of the truststore and keystore are accessible to the client and server. I am getting a handshake_failure now; any pointers to what could be going wrong? The certificate is a rootCA certificate generated and imported in both the keystore and truststore; it is generated with openssl commands (ref: https://www.baeldung.com/openssl-self-signed-cert).

One observation is that if the certificate is created with localhost as CN then I am getting - CertificateException: No name matching <FQDN> found. 

I have observed a WARNING in the server logs as well - 2024-07-12 00:00:28.579 WARN  [org.apache.activemq.artemis.jms.server] AMQ122005: Invalid "host" value "0.0.0.0" detected for "ssl-remoting-connector" connector. Switching to "<my-fqdn>". If this new address is incorrect please manually configure the connector to use the proper one.

I am attaching the configuration, SSL DEBUG logs and the exception for reference.

Standalone xml configuration:


<remote-connector name="ssl-remoting-connector" socket-binding="ssl-messaging">
    <param name="ssl-enabled" value="true"/>
    <param name="trust-store-password" value="<password>"/>
    <param name="trust-store-path" value="<client-trust-store-path>"/>
    <param name="trust-store-type" value="PKCS12"/>
</remote-connector>

<remote-acceptor name="ssl-remoting-acceptor" socket-binding="ssl-messaging">
    <param name="ssl-enabled" value="true"/>
    <param name="key-store-password" value="<pasword>"/>
    <param name="key-store-path" value="<server-key-store-path>"/>
    <param name="key-store-type" value="PKCS12"/>
</remote-acceptor>

<socket-binding name="ssl-messaging" port="5455"/>


Logs:

javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.494 MDT|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.494 MDT|ServerHello.java:963|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.495 MDT|SSLExtensions.java:163|Ignore unsupported extension: server_name
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.495 MDT|SSLExtensions.java:163|Ignore unsupported extension: max_fragment_length
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.495 MDT|SSLExtensions.java:163|Ignore unsupported extension: status_request
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.495 MDT|SSLExtensions.java:163|Ignore unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.495 MDT|SSLExtensions.java:163|Ignore unsupported extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.495 MDT|SSLExtensions.java:163|Ignore unsupported extension: status_request_v2
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.496 MDT|SSLExtensions.java:163|Ignore unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.496 MDT|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.497 MDT|SSLExtensions.java:192|Consumed extension: key_share
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.497 MDT|SSLExtensions.java:163|Ignore unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.497 MDT|PreSharedKeyExtension.java:895|Handling pre_shared_key absence.
javax.net.ssl|ALL|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.497 MDT|SSLSessionImpl.java:210|Session initialized:  Session(1720783627497|TLS_AES_256_GCM_SHA384)
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.497 MDT|SSLExtensions.java:207|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.498 MDT|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.498 MDT|SSLExtensions.java:207|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.498 MDT|SSLExtensions.java:207|Ignore unavailable extension: ec_point_formats
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.498 MDT|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.498 MDT|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.498 MDT|SSLExtensions.java:207|Ignore unavailable extension: extended_master_secret
javax.net.ssl|WARNING|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.498 MDT|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|WARNING|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.499 MDT|SSLExtensions.java:215|Ignore impact of unsupported extension: key_share
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.499 MDT|SSLExtensions.java:207|Ignore unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.499 MDT|SSLExtensions.java:207|Ignore unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.511 MDT|SSLCipher.java:1866|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.512 MDT|SSLCipher.java:2020|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.513 MDT|SSLEngineOutputRecord.java:529|WRITE: TLSv1.3 change_cipher_spec, length = 1
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.513 MDT|SSLEngineOutputRecord.java:550|Raw write (
  0000: 14 03 03 00 01 01                                  ......
)
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.514 MDT|SSLEngineInputRecord.java:177|Raw read (
  0000: 14 03 03 00 01 01                                  ......
)
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.514 MDT|SSLEngineInputRecord.java:214|READ: TLSv1.2 change_cipher_spec, length = 1
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.514 MDT|ChangeCipherSpec.java:246|Consuming ChangeCipherSpec message
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.514 MDT|SSLEngineInputRecord.java:177|Raw read (
  0000: 17 03 03 00 31 24 9B 2B   D1 C7 87 26 FB 50 20 63  ....1$.+...&.P c
  0010: 0A B1 E1 7B C3 9F A4 46   A3 BC EB B3 02 AA 53 60  .......F......S`
  0020: E3 3B E3 A3 65 43 1D 03   F7 06 48 DD CC 9F 35 D8  .;..eC....H...5.
  0030: 0A A6 29 59 73 35                                  ..)Ys5
)
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.514 MDT|SSLEngineInputRecord.java:214|READ: TLSv1.2 application_data, length = 49
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.526 MDT|SSLCipher.java:1957|Plaintext after DECRYPTION (
  0000: 08 00 00 0C 00 0A 00 0A   00 06 00 04 00 19 00 17  ................
)
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.528 MDT|EncryptedExtensions.java:171|Consuming EncryptedExtensions handshake message (
"EncryptedExtensions": [
  "supported_groups (10)": {
    "versions": [secp521r1, secp256r1]
  }
]
)
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.528 MDT|SSLExtensions.java:173|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.528 MDT|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.528 MDT|SSLExtensions.java:192|Consumed extension: supported_groups
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.528 MDT|SSLExtensions.java:207|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.528 MDT|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|WARNING|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.528 MDT|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.529 MDT|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.529 MDT|SSLEngineInputRecord.java:177|Raw read (
  0000: 17 03 03 00 23 0A 6C 87   9C DB 77 AE 7D 9F 4F CE  ....#.l...w...O.
  0010: B5 2F B7 B8 E9 89 86 1A   16 25 6B F2 FC 9A 41 38  ./.......%k...A8
  0020: EF 97 EE 5C 85 D3 14 88                            ...\....
)
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.529 MDT|SSLEngineInputRecord.java:214|READ: TLSv1.2 application_data, length = 35
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.530 MDT|SSLCipher.java:1957|Plaintext after DECRYPTION (
  0000: 02 28                                              .(
)
javax.net.ssl|DEBUG|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.531 MDT|Alert.java:238|Received alert message (
"Alert": {
  "level"      : "fatal",
  "description": "handshake_failure"
}
)
javax.net.ssl|ERROR|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.532 MDT|TransportContext.java:345|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
  at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
  at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
  at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:340)
  at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
  at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:186)
  at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
  at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)
  at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)
  at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
  at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
  at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)
  at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:296)
  at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1343)
  at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1236)
  at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1285)
  at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:510)
  at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:449)
  at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:279)
  at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
  at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
  at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
  at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
  at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
  at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
  at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
  at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
  at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:487)
  at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:385)

  at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
  at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
  at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118)}

)
javax.net.ssl|ALL|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.532 MDT|SSLSessionImpl.java:784|Invalidated session:  Session(1720783627102|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|ALL|1A|Thread-2 (ActiveMQ-client-netty-threads)|2024-07-12 05:27:07.532 MDT|SSLSessionImpl.java:784|Invalidated session:  Session(1720783627497|TLS_AES_256_GCM_SHA384)
Jul 12, 2024 5:27:07 AM org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector createConnection

ERROR: AMQ214016: Failed to create netty connection
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:340)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:186)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:296)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1343)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1236)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1285)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:510)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:449)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:279)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:487)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:385)

at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118)


javax.ejb.EJBException: javax.jms.JMSException: Failed to create session factory

Emmanuel Hugonnet

Jul 12, 2024, 8:18:01 AM
to wil...@googlegroups.com

Sayantan Ganguly

Jul 15, 2024, 7:57:00 AM
to WildFly
Hello  Emmanuel,

In the test environment with your suggestion of setting the verify-host parameter to false I was able to resolve the handshake exception. 

But in the production environment (the standalone configuration is exactly the same as test), I am getting the below exception:

We are using bouncy castle jar versions - bc-fips.jar - 1.0.2.4  & bcpkix-fips - 1.0.7

WARN  [io.netty.channel.ChannelInitializer] Failed to initialize a channel. Closing: [id: 0x53c0a209]: java.io.IOException: PKCS12 key store mac invalid - wrong password or corrupted file.
        at org.bouncycastle.jcajce.provider.ProvPKCS12$PKCS12KeyStoreSpi.engineLoad(Unknown Source)
        at java.base/java.security.KeyStore.load(KeyStore.java:1479)
        at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeystore(SSLSupport.java:307)
        at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagerFactory(SSLSupport.java:332)
        at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagers(SSLSupport.java:320)
        at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.createContext(SSLSupport.java:203)
        at org.apache.activemq.artemis.core.remoting.impl.ssl.DefaultSSLContextFactory.getSSLContext(DefaultSSLContextFactory.java:44)
        at org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.loadJdkSslEngine(NettyConnector.java:747)
        at org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.access$1700(NettyConnector.java:129)
        at org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector$1.initChannel(NettyConnector.java:660)
        at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:129)
        at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:112)
        at io.netty.channel.AbstractChannelHandlerContext.callHandlerAdded(AbstractChannelHandlerContext.java:938)
        at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:609)
        at io.netty.channel.DefaultChannelPipeline.access$100(DefaultChannelPipeline.java:46)
        at io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1463)
        at io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1115)
        at io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:650)
        at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:514)
        at io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:429)
        at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:486)

        at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174)
        at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167)
        at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470)
        at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:394)
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
        at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118)

2024-07-15 03:51:59.985 ERROR [org.apache.activemq.artemis.core.client] AMQ214016: Failed to create netty connection: io.netty.channel.StacklessClosedChannelException
        at io.netty.channel.AbstractChannel$AbstractUnsafe.ensureOpen(ChannelPromise)(Unknown Source)

2024-07-15 03:51:59.985 ERROR [org.apache.activemq.artemis.core.client] AMQ214016: Failed to create netty connection: io.netty.channel.StacklessClosedChannelException
        at io.netty.channel.AbstractChannel$AbstractUnsafe.ensureOpen(ChannelPromise)(Unknown Source)

Thanks,
Sayantan
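
The two store problems reported in this thread ("No name matching <FQDN>" and "PKCS12 key store mac invalid - wrong password or corrupted file") can be reproduced and checked offline with openssl before a store is handed to the connector or acceptor. This is an added example, not part of any poster's message; the hostname broker.example.test, the passwords and the function names are constructed.

```shell
#!/bin/sh
# Added example. Hostname, passwords and function names are constructed.
set -eu

# make_store DIR NAME CN PASSWORD [SAN]
# Writes DIR/NAME.key, DIR/NAME.crt (self-signed) and DIR/NAME.p12.
make_store() {
    ms_dir=$1; ms_name=$2; ms_cn=$3; ms_pw=$4; ms_san=${5:-}
    if [ -n "$ms_san" ]; then
        # Certificate that lists every name clients will connect to.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=$ms_cn" -addext "subjectAltName=$ms_san" \
            -keyout "$ms_dir/$ms_name.key" -out "$ms_dir/$ms_name.crt" 2>/dev/null
    else
        # Certificate that carries only a CN, as in the thread's localhost case.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=$ms_cn" \
            -keyout "$ms_dir/$ms_name.key" -out "$ms_dir/$ms_name.crt" 2>/dev/null
    fi
    openssl pkcs12 -export -name "$ms_name" \
        -inkey "$ms_dir/$ms_name.key" -in "$ms_dir/$ms_name.crt" \
        -out "$ms_dir/$ms_name.p12" -passout "pass:$ms_pw"
}

# p12_password_ok FILE PASSWORD -> exit 0 when the PKCS12 MAC verifies.
# A password that does not match the file fails here before any TLS
# handshake is attempted.
p12_password_ok() {
    openssl pkcs12 -in "$1" -noout -passin "pass:$2" >/dev/null 2>&1
}

# cert_matches_host CERT HOST -> exit 0 when the certificate covers HOST.
# openssl prints "does match" or "does NOT match"; only the former passes.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q "does match certificate"
}

demo() {
    work=$(mktemp -d)
    fqdn="broker.example.test"   # constructed stand-in for <my-fqdn>
    make_store "$work" cn-only localhost 'store-pass-1'
    make_store "$work" with-san "$fqdn" 'store-pass-1' "DNS:$fqdn,DNS:localhost"

    for c in cn-only with-san; do
        if cert_matches_host "$work/$c.crt" "$fqdn"; then
            echo "$c.crt covers $fqdn"
        else
            echo "$c.crt does NOT cover $fqdn (hostname verification will fail)"
        fi
    done

    for pw in 'store-pass-1' 'some-other-value'; do
        if p12_password_ok "$work/with-san.p12" "$pw"; then
            echo "with-san.p12 opens with '$pw'"
        else
            echo "with-san.p12 rejects '$pw' (MAC check failed)"
        fi
    done
    rm -rf "$work"
}

demo
```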

Emmanuel Hugonnet

Jul 15, 2024, 9:46:22 AM
to wil...@googlegroups.com
Can't really help you there as it seems the issue is in BC loading the certificate.
Emmanuel

Sayantan Ganguly

Jul 16, 2024, 7:59:03 AM
to WildFly
Hello Emmanuel,

Thanks for your help so far! 

The issue is happening if the javax.net.ssl.keyStorePassword is set in a JVM argument in encrypted format even though the connector has the key-store-password parameter set in clear text.

ActiveMQ is prioritising the javax.net.ssl.keyStorePassword over the key-store-password parameter in the standalone.xml subsystem. If javax.net.ssl.keyStorePassword is passed in clear text it is working fine.

Is there a way to prioritise activemq subsystem parameters over JVM args?

Thanks,
Sayantan

Emmanuel Hugonnet

Jul 16, 2024, 8:06:51 AM
to wil...@googlegroups.com