Hi, friends. Could you help me deal with a problem?
I'm trying to configure TLS for the management plugin, but I'm having difficulty with it. I followed the documentation at
http://www.rabbitmq.com/management.html#single-listener-https. When I go to https://prodServerIp:15671 in the browser, I get the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH. /var/log/rabbitmq/serverName.log contains: 2018-12-21 01:56:35.526 [info] <0.840.0> TLS server: In state hello at tls_handshake.erl:200 generated SERVER ALERT: Fatal - Insufficient Security - no_suitable_ciphers
At first I tried to configure TLS on the production server. When I ran into the problem, I tried to do it locally. The error repeated. The only difference is that when I configure TLS on the local host and open
https://localhost:15671 in Firefox, everything works fine! However, if I open the link in Chrome, the same error occurs: ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
listeners.ssl.default = 5671
ssl_options.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
ssl_options.certfile = /etc/rabbitmq/certs/server_certificate.pem
ssl_options.keyfile = /etc/rabbitmq/certs/server_key.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = false
management.listener.port = 15671
management.listener.ssl = true
management.listener.ssl_opts.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
management.listener.ssl_opts.certfile = /etc/rabbitmq/certs/server_certificate.pem
management.listener.ssl_opts.keyfile = /etc/rabbitmq/certs/server_key.pem
Certificate access rights:
[server@host]$ ll -a /var/lib/rabbitmq/certs/
total 12
drwxr-xr-x 2 rabbitmq rabbitmq   84 Dec 21 00:25 .
drwxr-xr-x 6 rabbitmq rabbitmq   83 Dec 21 00:24 ..
-rw-r--r-- 1 rabbitmq rabbitmq 1196 Dec 21 00:25 ca_certificate.pem
-rw-r--r-- 1 rabbitmq rabbitmq 1298 Dec 21 00:25 server_certificate.pem
-rw-r--r-- 1 rabbitmq rabbitmq 1679 Dec 21 00:25 server_key.pem
I installed RabbitMQ and the zero-dependency Erlang from Bintray: RabbitMQ 3.7.9, Erlang 21.1.2.
Erlang TLS support:
Erlang/OTP 21 [erts-10.1.2] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]
Eshell V10.1.2 (abort with ^G)
1> ssl:versions().
[{ssl_app, "9.0.3"},
{supported, ['tlsv1.2', 'tlsv1.1', tlsv1]},
{supported_dtls, ['dtlsv1.2', dtlsv1]},
{available, ['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]},
{available_dtls, ['dtlsv1.2', dtlsv1]}]
I also checked:
[local@host]$ openssl s_client -connect localhost:5671 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem
CONNECTED(00000003)
depth=1 CN = TLSGenSelfSignedtRootCA, L = $$$$
verify return:1
depth=0 CN = localhost.localdomain, O = server
verify return:1
---
Certificate chain
0 s:/CN=localhost.localdomain/O=server
i:/CN=TLSGenSelfSignedtRootCA/L=$$$$
1 s:/CN=TLSGenSelfSignedtRootCA/L=$$$$
i:/CN=TLSGenSelfSignedtRootCA/L=$$$$
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/CN=localhost.localdomain/O=server
issuer=/CN=TLSGenSelfSignedtRootCA/L=$$$$
---
Acceptable client certificate CA names
/CN=TLSGenSelfSignedtRootCA/L=$$$$
Client Certificate Types: RSA sign, DSA sign
Requested Signature Algorithms: RSA+SHA512:RSA+SHA384:RSA+SHA256:RSA+SHA224:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:RSA+SHA384:RSA+SHA256:RSA+SHA224:RSA+SHA1:DSA+SHA1
Peer signing digest: SHA512
Server Temp Key: DH, 2048 bits
---
SSL handshake has read 2792 bytes and written 2587 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: 90475EEDB1DE60C17BBFDEF376E90EA276BFB1204A84CB2AFE7547041C93F6BD
Session-ID-ctx:
Master-Key: 3E51E3D50823BBA413717FC8536643C5C3710022A6DCA5202850AB01F1846DA6CF7778F02D6D5D3863FC90A2A231EA00
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1545358935
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
and
[local@host]$ openssl s_client -connect localhost:15671 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem
CONNECTED(00000003)
depth=1 CN = TLSGenSelfSignedtRootCA, L = $$$$
verify return:1
depth=0 CN = localhost.localdomain, O = server
verify return:1
---
Certificate chain
0 s:/CN=localhost.localdomain/O=server
i:/CN=TLSGenSelfSignedtRootCA/L=$$$$
1 s:/CN=TLSGenSelfSignedtRootCA/L=$$$$
i:/CN=TLSGenSelfSignedtRootCA/L=$$$$
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/CN=localhost.localdomain/O=server
issuer=/CN=TLSGenSelfSignedtRootCA/L=$$$$
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 2048 bits
---
SSL handshake has read 2711 bytes and written 607 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: 7EFDA1737516E095BCA707388D845ECD88B7915525F407CDCD1F8661063332AD
Session-ID-ctx:
Master-Key: 9734F307A2C4C89C466B30B46E69C49E116836BF1CA79428006E220EE30CE71086B048C4B87C028E6D123B9D45605C35
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1545359062
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Full RabbitMQ log:
2018-12-21 01:52:54.063 [info] <0.8.0> Log file opened with Lager
2018-12-21 01:52:56.159 [info] <0.258.0>
Starting RabbitMQ 3.7.9 on Erlang 21.1.2
Copyright (C) 2007-2018 Pivotal Software, Inc.
Licensed under the MPL. See http://www.rabbitmq.com/
2018-12-21 01:52:56.163 [info] <0.258.0>
node : rabbit@localhost
home dir : /var/lib/rabbitmq
config file(s) : /etc/rabbitmq/rabbitmq.conf
cookie hash : PzrdC9INMkFje+NTAXd/6A==
log(s) : /var/log/rabbitmq/rabbit@localhost.log
: /var/log/rabbitmq/rabbit@localhost_upgrade.log
database dir : /var/lib/rabbitmq/mnesia/rabbit@localhost
2018-12-21 01:52:56.491 [info] <0.285.0> Memory high watermark set to 735 MiB (771152281 bytes) of 1838 MiB (1927880704 bytes) total
2018-12-21 01:52:56.498 [info] <0.287.0> Enabling free disk space monitoring
2018-12-21 01:52:56.498 [info] <0.287.0> Disk free limit set to 50MB
2018-12-21 01:52:56.504 [info] <0.290.0> Limiting to approx 32668 file handles (29399 sockets)
2018-12-21 01:52:56.505 [info] <0.291.0> FHC read buffering: OFF
2018-12-21 01:52:56.505 [info] <0.291.0> FHC write buffering: ON
2018-12-21 01:52:56.506 [info] <0.258.0> Waiting for Mnesia tables for 30000 ms, 9 retries left
2018-12-21 01:52:56.545 [info] <0.258.0> Waiting for Mnesia tables for 30000 ms, 9 retries left
2018-12-21 01:52:56.545 [info] <0.258.0> Peer discovery backend rabbit_peer_discovery_classic_config does not support registration, skipping registration.
2018-12-21 01:52:56.547 [info] <0.258.0> Priority queues enabled, real BQ is rabbit_variable_queue
2018-12-21 01:52:56.554 [info] <0.313.0> Starting rabbit_node_monitor
2018-12-21 01:52:56.592 [info] <0.258.0> Management plugin: using rates mode 'basic'
2018-12-21 01:52:56.595 [info] <0.349.0> Making sure data directory '/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L' for vhost '/' exists
2018-12-21 01:52:56.598 [info] <0.349.0> Starting message stores for vhost '/'
2018-12-21 01:52:56.598 [info] <0.353.0> Message store "628WB79CIFDYO9LJI6DKMI09L/msg_store_transient": using rabbit_msg_store_ets_index to provide index
2018-12-21 01:52:56.600 [info] <0.349.0> Started message store of type transient for vhost '/'
2018-12-21 01:52:56.600 [info] <0.356.0> Message store "628WB79CIFDYO9LJI6DKMI09L/msg_store_persistent": using rabbit_msg_store_ets_index to provide index
2018-12-21 01:52:56.602 [info] <0.349.0> Started message store of type persistent for vhost '/'
2018-12-21 01:52:56.612 [warning] <0.393.0> Setting Ranch options together with socket options is deprecated. Please use the new map syntax that allows specifying socket options separately from other options.
2018-12-21 01:52:56.612 [info] <0.407.0> started TCP listener on [::]:5672
2018-12-21 01:52:56.613 [warning] <0.408.0> Setting Ranch options together with socket options is deprecated. Please use the new map syntax that allows specifying socket options separately from other options.
2018-12-21 01:52:56.614 [info] <0.423.0> started TLS (SSL) listener on [::]:5671
2018-12-21 01:52:56.615 [info] <0.258.0> Setting up a table for connection tracking on this node: tracked_connection_on_node_rabbit@localhost
2018-12-21 01:52:56.615 [info] <0.258.0> Setting up a table for per-vhost connection counting on this node: tracked_connection_per_vhost_on_node_rabbit@localhost
2018-12-21 01:52:56.657 [info] <0.475.0> Management plugin: HTTPS listener started on port 15671
2018-12-21 01:52:56.657 [info] <0.582.0> Statistics database started.
2018-12-21 01:52:56.742 [notice] <0.105.0> Changed loghwm of /var/log/rabbitmq/rabbit@localhost.log to 50
2018-12-21 01:52:56.951 [info] <0.8.0> Server startup complete; 3 plugins started.
* rabbitmq_management
* rabbitmq_management_agent
* rabbitmq_web_dispatch
2018-12-21 01:56:35.524 [info] <0.836.0> TLS server: In state hello at tls_handshake.erl:200 generated SERVER ALERT: Fatal - Insufficient Security - no_suitable_ciphers
2018-12-21 01:56:35.526 [info] <0.840.0> TLS server: In state hello at tls_handshake.erl:200 generated SERVER ALERT: Fatal - Insufficient Security - no_suitable_ciphers
2018-12-21 01:56:35.528 [info] <0.843.0> TLS server: In state hello at tls_handshake.erl:200 generated SERVER ALERT: Fatal - Insufficient Security - no_suitable_ciphers
2018-12-21 01:56:35.528 [info] <0.847.0> TLS server: In state hello at tls_handshake.erl:200 generated SERVER ALERT: Fatal - Insufficient Security - no_suitable_ciphers
2018-12-21 01:56:36.857 [info] <0.852.0> TLS server: In state hello at tls_handshake.erl:200 generated SERVER ALERT: Fatal - Insufficient Security - no_suitable_ciphers
2018-12-21 01:56:36.857 [info] <0.854.0> TLS server: In state hello at tls_handshake.erl:200 generated SERVER ALERT: Fatal - Insufficient Security - no_suitable_ciphers
2018-12-21 01:56:36.859 [info] <0.860.0> TLS server: In state hello at tls_handshake.erl:200 generated SERVER ALERT: Fatal - Insufficient Security - no_suitable_ciphers
2018-12-21 02:02:43.334 [info] <0.1242.0> TLS server: In state hello at tls_handshake.erl:200 generated SERVER ALERT: Fatal - Insufficient Security - no_suitable_ciphers
2018-12-21 02:02:43.335 [info] <0.1245.0> TLS server: In state hello at tls_handshake.erl:200 generated SERVER ALERT: Fatal - Insufficient Security - no_suitable_ciphers
2018-12-21 02:02:43.337 [info] <0.1250.0> TLS server: In state hello at tls_handshake.erl:200 generated SERVER ALERT: Fatal - Insufficient Security - no_suitable_ciphers
2018-12-21 02:22:25.770 [info] <0.2583.0> accepting AMQP connection <0.2583.0> ([::1]:37406 -> [::1]:5671)
2018-12-21 02:22:25.770 [error] <0.2583.0> closing AMQP connection <0.2583.0> ([::1]:37406 -> [::1]:5671):
{handshake_timeout,handshake}
This is all the research I have done. However, I could not solve the problem. I would be glad of any advice. Thanks.
CentOS 7. RabbitMQ 3.7.9. Erlang 21.1.2.
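One check worth running against a listener that behaves like the one in this post, added here as an example and not part of the original post. A browser reports ERR_SSL_VERSION_OR_CIPHER_MISMATCH when its ClientHello and the server's configuration share no protocol version or cipher suite; the Erlang side logs the same event as no_suitable_ciphers. Both s_client transcripts above negotiated a DHE suite with a plain DH temporary key even though OpenSSL prefers ECDHE, and Chrome no longer offers DHE_RSA suites at all, so it is useful to ask the listener, one handshake at a time, which key-exchange families it will accept. The script below does that with openssl s_client restricted to one OpenSSL cipher-list alias per run (ECDHE, DHE, kRSA), and parses each transcript for the negotiated cipher and temporary key. The host and port arguments, the default port 15671 and the two embedded transcripts are constructed for this example.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post): probe which
# key-exchange families a TLS listener will actually negotiate by running
# one openssl s_client handshake per family and parsing the transcript.
# Assumptions: openssl is on PATH; host and port come from the command
# line (port defaults to 15671); ECDHE, DHE and kRSA are OpenSSL's own
# cipher-list aliases for the three key-exchange families.

# Reduce one s_client transcript to "<cipher> (temp key: ...)" or "no-handshake".
classify_s_client() {
    transcript="$1"
    cipher=$(printf '%s\n' "$transcript" | sed -n 's/^[[:space:]]*Cipher[[:space:]]*:[[:space:]]*//p' | head -n 1)
    tmpkey=$(printf '%s\n' "$transcript" | sed -n 's/^Server Temp Key:[[:space:]]*//p' | head -n 1)
    case "$cipher" in
        ''|0000|'(NONE)') echo "no-handshake" ;;
        *) echo "$cipher${tmpkey:+ (temp key: $tmpkey)}" ;;
    esac
}

# One TLS 1.2 handshake restricted to a single key-exchange family.
# -tls1_2 keeps OpenSSL 1.1.1 from negotiating TLS 1.3, whose suites
# are not governed by -cipher.
probe_family() {
    family="$1"
    transcript=$(openssl s_client -connect "$HOST:$PORT" -tls1_2 -cipher "$family" </dev/null 2>&1) || true
    printf '%-6s %s\n' "$family" "$(classify_s_client "$transcript")"
}

probe_listener() {
    HOST="$1"
    PORT="$2"
    for family in ECDHE DHE kRSA; do
        probe_family "$family"
    done
}

# Constructed, abridged s_client transcripts used to exercise the parser offline.
SAMPLE_DHE=$(cat <<'EOF'
CONNECTED(00000003)
Server Temp Key: DH, 2048 bits
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
EOF
)

SAMPLE_REJECTED=$(cat <<'EOF'
CONNECTED(00000003)
139:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
EOF
)

# Usage: sh probe_tls.sh <host> [port]
if [ $# -ge 1 ]; then
    probe_listener "$1" "${2:-15671}"
fi
```

If the ECDHE line comes back as no-handshake while DHE succeeds, the listener is only offering finite-field DH, which a current Chrome will not negotiate; Firefox still does, which matches the symptom in the post. On the Erlang side, `ssl:cipher_suites(default, 'tlsv1.2').` in the node's shell lists the suites the node offers by default, and `crypto:supports().` shows the curves the linked OpenSSL actually provides, so the two outputs can be compared against what the probe observes on the wire.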