rabbitmq / rabbitmq-website

RabbitMQ website
https://www.rabbitmq.com
Apache License 2.0

Document client TLS properties for HTTP[S]-based peer discovery mechanisms #567

Open michaelklishin opened 6 years ago

michaelklishin commented 6 years ago

Several peer discovery plugins use HTTP to communicate with their services and there is currently no clear explanation in the docs as to how to configure client TLS options (certificate, private key, verification depth, SNI target and so on) for HTTPS, which leads to questions such as https://github.com/rabbitmq/rabbitmq-peer-discovery-consul/issues/14.

Even before https://github.com/rabbitmq/rabbitmq-peer-discovery-common/issues/6 is addressed a doc example can be provided since it is possible to configure httpc via the advanced.config file.

haiyangu commented 6 years ago

If we use rabbitmq-peer-discovery-k8s and want to configure the default cipher suites, can this be configured in advanced.config?

michaelklishin commented 6 years ago

@haiyangu this is not a support forum.

As the issue states, it comes down to Erlang HTTP client (httpc) configuration which supports all the same options as other TLS clients (and servers) in Erlang.

lukebakken commented 5 years ago

> it is possible to configure httpc via the advanced.config file

This doesn't appear to be the case, see rabbitmq/rabbitmq-peer-discovery-common#9

michaelklishin commented 4 years ago

This is done for etcd (which no longer is HTTP/1.1-based), but we have found out that some code changes may be necessary to make this easy for other mechanisms.

lukebakken commented 4 months ago

These settings need to be documented as well:

https://github.com/rabbitmq/rabbitmq-server/pull/5155

A user ran into an issue with a CA cert in this discussion: https://github.com/docker-library/rabbitmq/discussions/709