
List:       activemq-users
Subject:    Server cipher order to MQTT connections.
From:       moreno <marcos.moreno () azeti ! net>
Date:       2018-09-12 13:09:44
Message-ID: 1536757784323-0.post () n4 ! nabble ! com

Hi,

we are undergoing a security certification for our system. One of the issues
we get is related to the cipher order while establishing a TLS connection
with MQTT. 

We went through the following document to configure the transport and select
the cipher suites we want to allow:
http://activemq.apache.org/ssl-transport-reference.html

However, we could not find a reference to the order of the cipher suites.
That seems to be an issue for security-scanning tools, like testssl.sh
(https://github.com/drwetter/testssl.sh). See for example the following
output on one of our servers:

****start test output****
Testing server preferences 
 Has server cipher order?   *  nope (NOT ok)*
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256, 570 bit ECDH
(B-571) (limited sense as client will pick)
 Negotiated cipher per proto  (limited sense as client will pick)
     ECDHE-RSA-AES128-GCM-SHA256:   TLSv1.2
 No further cipher order check has been done as order is determined by the
client
****end test output****

We did not find any reference to cipher order in the ActiveMQ documentation.
Is there a possibility to do so? 

Thanks in advance and best regards,
Marcos Moreno.



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
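
The "Has server cipher order?" finding above concerns whether the TLS server or the client picks among the suites both support. ActiveMQ runs on Java's JSSE, where that choice is controlled per socket or engine by SSLParameters.setUseCipherSuitesOrder. The following is an added example, not code from this post or from ActiveMQ; the class name and the suite list are constructed, and whether ActiveMQ's transport configuration exposes this setting is not covered on this page.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class ServerCipherOrderDemo {
    // Constructed allow-list in JSSE naming, listed in the order the server should
    // prefer. The second entry is the JSSE name of the suite that testssl.sh
    // reports as ECDHE-RSA-AES128-GCM-SHA256.
    static final String[] PREFERRED = {
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    };

    // Restrict the socket to the allow-list and make the server's order decisive.
    static SSLServerSocket enforceServerOrder(SSLServerSocket socket) {
        SSLParameters params = socket.getSSLParameters();
        params.setCipherSuites(PREFERRED);    // which suites may be negotiated
        params.setUseCipherSuitesOrder(true); // honour the local order during the handshake
        socket.setSSLParameters(params);
        return socket;
    }

    public static void main(String[] args) throws Exception {
        // The default context has no server key material, so this socket only
        // demonstrates the settings; a real listener needs an SSLContext
        // initialised from the broker's keystore.
        SSLServerSocketFactory factory = SSLContext.getDefault().getServerSocketFactory();
        try (SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(0)) {
            // Print the JDK's own default instead of assuming it.
            System.out.println("server order honoured before: "
                    + socket.getSSLParameters().getUseCipherSuitesOrder());
            enforceServerOrder(socket);
            SSLParameters applied = socket.getSSLParameters();
            System.out.println("server order honoured after:  "
                    + applied.getUseCipherSuitesOrder());
            System.out.println("enabled suites, in preference order:");
            for (String suite : applied.getCipherSuites()) {
                System.out.println("  " + suite);
            }
        }
    }
}
```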