qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Stitcher (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-2518) Qpid C++ broker can easily be blocked by client trying to connect over SSL port
Date Fri, 25 May 2012 16:13:23 GMT

    [ https://issues.apache.org/jira/browse/QPID-2518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13283567#comment-13283567
] 

Andrew Stitcher commented on QPID-2518:
---------------------------------------

Good point - that'll teach me to actually read the words in the bug report, rather than reading
the words I expect to be there.
                
> Qpid C++ broker can easily be blocked by client trying to connect over SSL port
> -------------------------------------------------------------------------------
>
>                 Key: QPID-2518
>                 URL: https://issues.apache.org/jira/browse/QPID-2518
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>         Environment: Red Hat Enterprise MRG 1.2
>            Reporter: Armin Noll
>            Assignee: Andrew Stitcher
>             Fix For: 0.17
>
>
> We are running a C++ broker as deamon with the following configuration:
>  
> log-enable=info+
> log-to-file=/var/lib/qpidd/op_prod09/data/0097/qpidd.log
> log-to-syslog=no
> auth=yes
> acl-file=qpidd.acl
> realm=QPID0097
> data-dir=/var/lib/qpidd/op_prod09/data/0097
> pid-dir=/var/lib/qpidd/op_prod09/data/0097
> port=20097
> wait=30
> num-jfiles=4
> jfile-size-pgs=1
> wcache-page-size=128
> tpl-num-jfiles=4
> tpl-jfile-size-pgs=1
> tpl-wcache-page-size=128
> ssl-cert-db=/var/lib/qpidd/op_prod09/data/0097
> ssl-port=10097
> ssl-cert-name=RGC001
> ssl-cert-password-file=/var/lib/qpidd/op_prod09/data/0097/amq_cert_db.pwd
> ssl-require-client-authentication=yes
> cluster-name=QPID0097
> cluster-url=amqp:tcp:172.16.45.198:20097
> cluster-username=xxxxx
> cluster-password=xxxxx
>  
> We tried to connect an application to the SSL port which does not "talk" the correct
protocol. We simply used telnet:
> $ telnet 172.16.45.198 10097
>  
> The result was (we waited at least 30 min, then killed the process running telnet):
> The broker doesn't react anymore, no more new client connections can be established,
the broker even cannot be stopped with "qpidd -p 20097 -q".
>  
> This way anybody in the world could easily block our service provided over a Qpid broker.
> Is there a way to get around this? 
> This issue has also been reported as Red Hat service request no. 2014266.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message