[BAM-20420] Provide a way to disable the additional JMS SSL listener Bamboo automatically launches.

Type: Suggestion
Resolution: Fixed
Fix Version/s: 8.0.0, 8.0.0 EAP1
Component/s: Agents, Network
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Problem Definition

If Bamboo's JMS broker is not configured as ssl:// (e.g. when it's configured as tcp://, nio:// or nio+ssl://) Bamboo will start an additional SSL listener on port (primary broker port + 1, default: 54664). It would be great to have a way to disable this behavior when an additional SSL connector isn't needed.

Workaround

Convert the primary broker to SSL instead of TCP and Bamboo will only start one listener:

Securing your remote agents

The additional connector also serves no purpose in a typical Bamboo installation, feel free to firewall it off if you are looking to reduce open ports for security purposes.

was split from

BAM-20164 Extend validity on self-signed certificate for Bamboo's JMS Broker when automatic SSL management is enabled.

Closed

Marcin Gardias made changes - 30/Jul/2021 1:39 PM

Resolution		New: Fixed [ 1 ]
Status	Original: Waiting for Release [ 12075 ]	New: Closed [ 6 ]

Alexey Chystoprudov made changes - 18/May/2021 11:21 AM

Fix Version/s

New: 8.0.0 EAP1 [ 95495 ]

Jeremy Owen added a comment - 08/Mar/2021 12:50 AM

Property to disable it once released:

-Dbamboo.jms.ssl.endpoint.enabled=false

Jeremy Owen added a comment - 08/Mar/2021 12:50 AM Property to disable it once released: -Dbamboo.jms.ssl.endpoint.enabled= false

Alexey Chystoprudov made changes - 04/Mar/2021 8:34 PM

Status

Original: In Progress [ 3 ]

New: Waiting for Release [ 12075 ]

Alexey Chystoprudov made changes - 04/Mar/2021 8:34 PM

Fix Version/s

New: 8.0.0 [ 92814 ]

Alexey Chystoprudov made changes - 04/Mar/2021 8:34 PM

Status

Original: Gathering Interest [ 11772 ]

New: In Progress [ 3 ]

Alexey Chystoprudov made changes - 04/Mar/2021 8:34 PM

Assignee

New: Alexey Chystoprudov [ achystoprudov ]

Alexey Chystoprudov made changes - 03/Mar/2021 6:45 PM

Remote Link

New: This issue links to "+core+ Dogfooding › Test Git Branch Detection › ~~BAM-20420~~ (tardigrade-bamboo)" [ 533489 ]

Jeremy Owen made changes - 02/Mar/2021 10:56 PM

Description

Original: h3. Problem Definition
If Bamboo's JMS broker is not configured as ssl:// Bamboo will start an additional SSL listener on port (primary broker port + 1, default: 54664). It would be great to have a way to disable this behavior when an additional SSL connector isn't needed.

h3. Suggested Solution
* System property to disable the additional SSL listener.

h3. Workaround
Convert the primary broker to SSL instead of TCP and Bamboo will only start one listener:
* [Securing your remote agents|https://confluence.atlassian.com/bamboo/securing-your-remote-agents-289277197.html]

The additional connector also serves no purpose in a typical Bamboo installation, feel free to firewall it off if you are looking to reduce open ports for security purposes.

New: h3. Problem Definition
If Bamboo's JMS broker is not configured as ssl:// (e.g. when it's configured as tcp://, nio:// or nio+ssl://) Bamboo will start an additional SSL listener on port (primary broker port + 1, default: 54664). It would be great to have a way to disable this behavior when an additional SSL connector isn't needed.

h3. Suggested Solution
* System property to disable the additional SSL listener.

h3. Workaround
Convert the primary broker to SSL instead of TCP and Bamboo will only start one listener:
* [Securing your remote agents|https://confluence.atlassian.com/bamboo/securing-your-remote-agents-289277197.html]

The additional connector also serves no purpose in a typical Bamboo installation, feel free to firewall it off if you are looking to reduce open ports for security purposes.

Jeremy Owen made changes - 02/Mar/2021 10:55 PM

Description

Original: h3. Problem Definition
If Bamboo's JMS broker is configured for TCP, Bamboo will start an additional SSL listener on port (primary broker port + 1, default: 54664). It would be great to have a way to disable this behavior when an additional SSL connector isn't needed.

h3. Suggested Solution
* System property to disable the additional SSL listener.

h3. Workaround
Convert the primary broker to SSL instead of TCP and Bamboo will only start one listener:
* [Securing your remote agents|https://confluence.atlassian.com/bamboo/securing-your-remote-agents-289277197.html]

The additional connector also serves no purpose in a typical Bamboo installation, feel free to firewall it off if you are looking to reduce open ports for security purposes.

New: h3. Problem Definition
If Bamboo's JMS broker is not configured as ssl:// Bamboo will start an additional SSL listener on port (primary broker port + 1, default: 54664). It would be great to have a way to disable this behavior when an additional SSL connector isn't needed.

h3. Suggested Solution
* System property to disable the additional SSL listener.

h3. Workaround
Convert the primary broker to SSL instead of TCP and Bamboo will only start one listener:
* [Securing your remote agents|https://confluence.atlassian.com/bamboo/securing-your-remote-agents-289277197.html]

The additional connector also serves no purpose in a typical Bamboo installation, feel free to firewall it off if you are looking to reduce open ports for security purposes.

Assignee:: Alexey Chystoprudov

Reporter:: Jeremy Owen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 02/May/2019 1:54 AM

Updated:: 30/Jul/2021 1:39 PM

Resolved:: 30/Jul/2021 1:39 PM

Details

Description

Problem Definition

Suggested Solution

Workaround

Attachments

Issue Links

Forms

Activity

Collapse comment: Jeremy Owen added a comment - 08/Mar/2021 12:50 AM

Expand comment: Jeremy Owen added a comment - 08/Mar/2021 12:50 AM

People

Dates