portertech
commented
7 years ago Eventmachine TLS and cipher support has been improved. The issues we see today, similar to this, are due to RabbitMQ and Erlang cipher issues/mismatch.
Closed sigil66 closed 7 years ago
portertech
commented
7 years ago Eventmachine TLS and cipher support has been improved. The issues we see today, similar to this, are due to RabbitMQ and Erlang cipher issues/mismatch.
This is probably more of an event machine issue but:
If the following is set on rabbitmq:
[ {rabbit, [ {ssl_listeners, [5671]}, {ssl_options, [{cacertfile,"/etc/rabbitmq/ssl/cacert.pem"}, {certfile,"/etc/rabbitmq/ssl/cert.pem"}, {keyfile,"/etc/rabbitmq/ssl/key.pem"}, {versions, ['tlsv1.2', 'tlsv1.1', tlsv1]} {verify,verify_peer}, {fail_if_no_peer_cert,true}]} ]} ].
The transport will fail to connect leaving the following error in the rabbit log:
{ssl_upgrade_error, {eoptions,{'tlsv1.2',{versions,['tlsv1.2','tlsv1.1',tlsv1]}}}}