jonasbadstuebner
commented
1 month ago The error message was no_suitable_signature_algorithm
Open jonasbadstuebner opened 1 month ago
jonasbadstuebner
commented
1 month ago The error message was no_suitable_signature_algorithm
michaelklishin
commented
1 month ago Unfortunately, it is comically difficult to find definitive documentation on how to enable ECC cipher suites.
Once that is figured out, doing it on the PerfTest side should not take much effort and anyone (well, anyone willing to work in Java I guess) should be able to contribute it.
michaelklishin
commented
1 month ago This relatively old article can still be quite relevant.
acogoluegnes
commented
1 month ago You should be able to set TLS-related system properties from the command line. This configures the default SSLContext and PerfTest should use it automatically because it detects TLS system properties have been set.
If there is no way to configure this from the command line with system properties, we can consider a PR that adds a new PertTest command line argument and uses it to programmatically configure the SSLContext.
Is your feature request related to a problem? Please describe.
We ran into an issue when using perf-test with a RabbitMQ-Cluster that uses ECDSA TLS certificates. As far as we found out, only RSA is supported by perf-test, not ECDSA, even though the Java lib in use has support for it somehow.
Describe the solution you'd like
Support any of these cipher suites: https://www.rabbitmq.com/docs/ssl#evaluation-of-a-tls-12-setup-with-restricted-cipher-suites
I didn't look in the code and did not find the default values for the ciphers, maybe they can all be added explicitly or something?
Describe alternatives you've considered
Changing to RSA works.
Additional context
No response