In Amazon MQ, when we connect from Active MQ client to Amazon MQ broker, we just use connection URL as ssl://<broker>:61617 but nowhere in whole AWS documentation it mentioned if this client-broker communication is secure or not and which version of TLS does client-broker connection use. Below is sample snippet of code to connect Amazon MQ as provide by AWS here.
// Create a connection factory.
final ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory(wireLevelEndpoint);
// Pass the username and password.
connectionFactory.setUserName(activeMqUsername);
connectionFactory.setPassword(activeMqPassword);
// Create a pooled connection factory.
final PooledConnectionFactory pooledConnectionFactory = new PooledConnectionFactory();
pooledConnectionFactory.setConnectionFactory(connectionFactory);
pooledConnectionFactory.setMaxConnections(10);
// Establish a connection for the producer.
final Connection producerConnection = pooledConnectionFactory.createConnection();
producerConnection.start();
This article says it uses SSL but no mention, which version of TLS/SSL it uses as old SSL is no more secure.
Which TLS/SSL version does Amazon MQ broker - client connection use? Do we have any othe way to use latest version of TLS with Amazon MQ broker - client?
Amazon recommend TLS 1.2 or later.
https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/data-protection.html