AWS amazon-mq documentation change
Summary
Added a note explaining that default 'verify_peer' setting supports broker-to-broker connections but requires disabling peer verification for connections to private/on-premises brokers with non-Amazon MQ CA certificates.
Security assessment
The change documents SSL/TLS configuration requirements for secure connections to non-AWS brokers. While it discusses security implications of disabling peer verification, there's no evidence of a specific vulnerability being patched.
Diff
diff --git a/amazon-mq/latest/developer-guide/rabbitmq-amqp-client-ssl-configuration.md b/amazon-mq/latest/developer-guide/rabbitmq-amqp-client-ssl-configuration.md index a1ad1f466..3fa4efd40 100644 --- a//amazon-mq/latest/developer-guide/rabbitmq-amqp-client-ssl-configuration.md +++ b//amazon-mq/latest/developer-guide/rabbitmq-amqp-client-ssl-configuration.md @@ -16,0 +17,4 @@ On Amazon MQ for RabbitMQ 3 SSL properties of AMQP clients is configured with Ra +###### Note + +With the default `verify_peer` setting, you can establish federation and shovel connections between any 2 Amazon MQ brokers but this does not support establishing the connection between Amazon MQ broker and private brokers or on-premises brokers that are running with non-Amazon MQ CA certificates. To connect with private or on-premises brokers, you need to disable peer verification on the downstream Amazon MQ broker. +