search

rabbitmq / rabbitmq-federation

RabbitMQ Federation plugin
https://www.rabbitmq.com/
Other
40 stars 21 forks source link

Federation Connections with TLS #83

Closed hsdj-alex closed 5 years ago

hsdj-alex commented 5 years ago

hi, i use federation-link with TLS in host(11.4.51.24 rabbitmq version 3.7.9/elrang version 21.2), i startup upstream-link to host(11.4.51.25), but client occurs excepitons log as below:

2019-01-08 17:00:20.141 [warning] <0.28461.0> Connection (<0.28461.0>): Certificate chain verification is not enabled for this TLS connection. Please see https://rabbitmq.com/ssl.html for more information.
2019-01-08 17:00:20.144 [warning] <0.28461.0> Connection (<0.28461.0>): Certificate chain verification is not enabled for this TLS connection. Please see https://rabbitmq.com/ssl.html for more information.
2019-01-08 17:00:20.154 [info] <0.28479.0> TLS client: In state hello received SERVER ALERT: Fatal - Insufficient Security

2019-01-08 17:00:20.154 [warning] <0.28461.0> Federation queue 'queue.mgt.channel.2nd' in vhost 'tls-test' did not connect to queue 'queue.mgt.channel.2nd' in vhost 'tls-test' on amqps://11.4.51.25:5671/tls-test
{error,{tls_alert,"insufficient security"}}
2019-01-08 17:00:20.155 [error] <0.28371.0> Supervisor {<0.28371.0>,rabbit_federation_link_sup} had child {upstream,[<<"amqps://tls:tls@11.4.51.25:5651/tls-test">>],
          <<"queue.mgt.channel.2nd">>,<<"queue.mgt.channel.2nd">>,1000,1,5,

however,in host(11.4.51.25 rabbitmq version 3.6.5/elrang version 20.2) i startup upstream-link to host(11.4.51.24) ,it seams normal:

2019-01-08 13:42:24.385 [info] <0.6315.0> accepting AMQP connection <0.6315.0> (11.4.51.25:58570 -> 11.4.51.24:5671)
2019-01-08 13:42:24.386 [info] <0.6315.0> Connection <0.6315.0> (11.4.51.25:58570 -> 11.4.51.24:5671) has a client-provided name: Federation link (upstream: channel2nd-upstream, policy: federation-channel2nd)
2019-01-08 13:42:24.388 [info] <0.6315.0> connection <0.6315.0> (11.4.51.25:58570 -> 11.4.51.24:5671 - Federation link (upstream: channel2nd-upstream, policy: federation-channel2nd)): user 'tls' authenticated and granted access to vhost 'tls-test'

The two nodes have the same rabbitmq-configuration, and this problem “{error,{tls_alert,"insufficient security"}}” puzzled me two days , i don't know what to do now.

thank you

lukebakken commented 5 years ago

Hello,

The RabbitMQ team does not use GitHub issues for discussions or issue diagnosis. Searching the rabbitmq-users mailing list for "insufficient security" should have lead you to this message:

https://groups.google.com/d/topic/rabbitmq-users/3TQFT8jX-bk/discussion

If that is not the cause of your issue, please follow up on the mailing list.