TCP Support for AWS Active MQ

Question

I want to test active MQ behind NLB but with TCP and not SSL. I don't have rights to setup Route53 and create a SSL Certificate.

As We can see , MQ provides us with multiple endpoints for SSL, STOMP etc.

since ssl is above tcp in networking layer, does ssl endpoint support TCP as well.

I can not find anything in AWS Documentation , i tried using TCP:443 as protocol on port 61616 and 61617 and 61614 + HTTPS on 8162 or TCP on all 3 ports for health check for network Load Balancer, but it does not work, no matter what i do , health check does not pass.

any help is much appriciated

Answer 1

If the broker is using a transport configuration with ssl in the scheme (e.g. ssl://, amqp+ssl://, mqtt+ssl://) then clients must use SSL/TLS when they connect to that transport.

To be clear, all transports use TCP. Therefore, TCP is required to connect, but it is not always sufficient to connect. In the aforementioned cases you need SSL/TLS as well.

Typically the broker would support bare TCP connections on port 61616, but I don't see that transport configured in the screenshot in your question. If such a transport existed it would start with tcp://.

Answer 2

If your question is about using a TCP tunnel to connect to the Amazon MQ SSL endpoint, then I can confirm that it's working fine with Amazon MQ.
It seems like there might be an issue with your TCP tunnel configuration.
Try checking the SSL connectivity on the port using 'openssl s_client' command.
If you're able to establish the SSL connection with openssl, then the problem might be with the SSL host certificate check.
You can resolve this by turning off host validation on the client side using "?verifyHostName=false" in the URL, as explained in the documentation.