Merge pull request chef-boneyard#30 from jharveysmith/master

Enable setting transport_protocols
csdcrussell · Dec 3, 2015 · 3b97a5e · 3b97a5e
2 parents bcca59f + 10b84f5
commit 3b97a5e
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/attributes/default.rb b/attributes/default.rb
@@ -31,3 +31,6 @@
 default['activemq']['enable_stomp'] = true
 default['activemq']['use_default_config'] = false
 default['activemq']['install_java'] = true
+# set to 'TLSv1,TLSv1.1,TLSv1.2'
+# to disable sslv3 and protect against poodle
+default['activemq']['transport_protocols'] = nil
diff --git a/templates/default/activemq.xml.erb b/templates/default/activemq.xml.erb
@@ -110,14 +110,26 @@
         -->
         <transportConnectors>
             <!-- DOS protection, limit concurrent connections to 1000 and frame size to 100MB -->
-            <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
+            <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?<%=
+              node['activemq']['transport_protocols'] ?
+                "transport.enabledProtocols=#{node['activemq']['transport_protocols']}&amp;" :
+              ''
+              %>maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
             <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
 <% if node['activemq']['enable_stomp'] -%>
-            <transportConnector name="stomp" uri="stomp://0.0.0.0:61613?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
+            <transportConnector name="stomp" uri="stomp://0.0.0.0:61613?<%= 
+              node['activemq']['transport_protocols'] ?
+                "transport.enabledProtocols=#{node['activemq']['transport_protocols']}&amp;" :
+                ''
+                %>maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
 <% end -%>
             <transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
             <transportConnector name="ws" uri="ws://0.0.0.0:61614?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
-            <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?needClientAuth=true&amp;maximumConnections=1000&amp;wireformat.maxFrameSize=104857600" />
+            <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?<%=
+              node['activemq']['transport_protocols'] ?
+                "transport.enabledProtocols=#{node['activemq']['transport_protocols']}&amp;" :
+                ''
+                %>needClientAuth=true&amp;maximumConnections=1000&amp;wireformat.maxFrameSize=104857600" />
         </transportConnectors>
 
         <!-- destroy the spring context on shutdown to stop jetty -->