我正在使用ActiveMQ 5.14,我的ssl配置是:
<sslContext>
<sslContext keyStore="file:${activemq.base}/conf/keystore/activemq/activemq.bcfks" keyStorePassword="password" keyStoreType="BCFKS"
trustStore="file:${activemq.base}/conf/keystore/activemq/cacerts.bcfks" trustStorePassword="password" trustStoreType="BCFKS" />
</sslContext>
我们的JVM配置为FIPS模式:
security.provider.4=com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider
security.provider.5=com.sun.net.ssl.internal.ssl.Provider CCJ
如果启用FIPS模式,则ActiveMQ无法以ERROR:
启动Error creating bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in class path resource [activemq.xml]: Invocation of init method failed; nested exception is java.io.IOException: Transport Connector could not be registered in JMX: java.io.IOException: FIPS mode: SecureRandom must be from provider CCJ | org.apache.activemq.xbean.XBeanBrokerFactory$1 | main
我尝试使用Spring spel来使用secureRandom:
secureRandom="#{T(java.security.SecureRandom).getInstance('DEFAULT','CCJ')}" -
或
secureRandom="CCJ"
它没有工作!!!
如何强制secureRandom提供程序来自类型&#39; CCJ&#39;
谢谢,
答案 0 :(得分:0)
当与AMJ 5.15.0和CCJ一起使用时,activemq.xml中的以下配置对我有用:
<sslContext>
<sslContext
keyStore="file:${activemq.conf}/broker.ks"
keyStorePassword="123456"
keyStoreType="BCFKS"
trustStore="file:${activemq.conf}/broker.ts"
trustStorePassword="123456"
trustStoreType="BCFKS"
secureRandomAlgorithm="DEFAULT" />
</sslContext>
当我向sslContext中添加带有CCJ值的XML属性“ provider”时,它也对我有用:
<sslContext>
<sslContext
keyStore="file:${activemq.conf}/broker.ks"
keyStorePassword="123456"
keyStoreType="BCFKS"
trustStore="file:${activemq.conf}/broker.ts"
trustStorePassword="123456"
trustStoreType="BCFKS"
secureRandomAlgorithm="DEFAULT"
**provider="CCJ"**/>
</sslContext>