Just to be clear about the way this works... When a Core client using UDP discovery (i.e. connection url like "udp://host:9876") it first simply listens for a connector broadcast via UDP from the broker. Once the client receives the connector information it uses that to connect. The configuration of the connector that the broker(s) broadcast is arbitrary. In your case the connector will include sslEnabled=true and potentially some keystore or truststore config parameters. As you noted, some SSL-related parameters from the connector broadcast from the broker can be overridden by the client.
Justin On Thu, Jul 10, 2025 at 7:38 PM Glenn Burkhardt <gbburkha...@gmail.com> wrote: > Never mind. I see how this works now. > > When the client connects to the server, the server tells the client that > the connection should be SSL encrypted, and conveys the truststore > location and password to the client. So there's no configuration > necessary on the client side, unless the truststore location is > different on the system where the client is running. That can be changed > on the client side by setting a system property > (ACTIVEMQ_KEYSTORE_PATH_PROP_NAME or JAVAX_KEYSTORE_PATH_PROP_NAME). > > On 7/10/2025 3:11 PM, Glenn Burkhardt wrote: > > I've been trying to figure out how configure a client to use SSL when > > the client also uses UDP discovery to find servers. Is that > > possible? Presumably the acceptor/connector in each of the servers > > needs to be set up with SSL - that seems to be straight forward. > > > > I'd also like to do this programmatically. All the ActiveMQClient and > > ServerLocator methods that use a TransportConfiguration as an argument > > seem to be for connecting to a specific server. > > > > Thanks. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@activemq.apache.org > For additional commands, e-mail: users-h...@activemq.apache.org > For further information, visit: https://activemq.apache.org/contact > > >
