Peer verification not working with TLSv1.2


Martin Hinchy

Nov 4, 2021, 10:54:57 PM
to rabbitmq-users

Hi All,

We had a strange problem recently where clients could not connect to a RabbitMQ broker with peer verification enabled if the client specified the TLSv1.2 protocol, but connections worked OK if the client specified TLSv1.1 or TLSv1.3. The only way to fix the problem was to update the RabbitMQ.conf file to include ssl_options.versions.1 = tlsv1.2.

Without this setting in the config file it appears that the broker is sending the client a badly formed TCP packet during the TLS handshake. The client (C# application using RabbitMQ .NET client V5.2.0) throws a RabbitMQ.Client.BrokerUnreachableException: None of the specified endpoints were reachable -> System.AggregateException: One or more errors occurred ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ----> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted.

The problem can also be reproduced using openssl (version 1.1.1d) as the client. The following two openssl commands worked:

  • openssl s_client -connect <Broker IP Address>:5671 -cert <Client certificate file> -key <Client certificate key> -tls1_1
  • openssl s_client -connect <Broker IP Address>:5671 -cert <Client certificate file> -key <Client certificate key> -tls1_3

The following openssl command failed:

  • openssl s_client -connect <Broker IP Address>:5671 -cert <Client certificate file> -key <Client certificate key> -tls1_2

openssl failed with:

  • 21124:error:14169168:SSL routines:tls_process_certificate_request:signature algorithms error:ssl\statem\statem_clnt.c:2530:


A WireShark capture of the TLS handshake shows that the Certificate Request portion of the message sent by the broker to the client does not contain any signature hash algorithms.

The broker environment was setup as follows:

  • RabbitMQ broker
    • OS: Windows Server 2019 Standard
    • Erlang: 24.1
    • RabbitMQ: 3.9.7


The RabbitMQ.conf file contained the following entries:

listeners.ssl.default = 5671
auth_mechanisms.1 = EXTERNAL
auth_mechanisms.2 = PLAIN
auth_mechanisms.3 = AMQPLAIN
ssl_options.cacertfile = <Path to certificate bundle>
ssl_options.certfile = <Path to server certificate>
ssl_options.keyfile = <Path to key file>
ssl_options.password = <Key file password goes here>
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true

Peer verification using TLSv1.2 would only work after we updated the RabbitMQ.conf file to include ssl_options.versions.1 = tlsv1.2.

Peer verification using TLSv1.2 would also fail if we added the following to the conf file:

ssl_options.versions.1 = tlsv1.1
ssl_options.versions.2 = tlsv1.2
ssl_options.versions.3 = tlsv1.3

Is this expected behaviour with the RabbitMQ broker?

Regards

Martin
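To make the Wireshark observation above concrete, here is an added example (not code from this thread, from RabbitMQ or from Erlang) that parses a TLS 1.2 CertificateRequest handshake message as laid out in RFC 5246 §7.4.4 and reports whether the supported_signature_algorithms vector is populated. The RFC declares that vector as <2..2^16-2>, so an empty list is malformed, which is consistent with the openssl client aborting in tls_process_certificate_request with "signature algorithms error". The two byte strings are constructed to mirror the two captures (no algorithms versus a populated list); the name tables use the RFC 5246 hash and signature registry values.

```python
"""Parse a TLS 1.2 CertificateRequest (RFC 5246 section 7.4.4) and flag an
empty supported_signature_algorithms vector.

Added example, not part of the original thread or of RabbitMQ/Erlang.
The messages at the bottom are constructed, not captured traffic.
"""
import struct

HANDSHAKE_CERTIFICATE_REQUEST = 13  # HandshakeType certificate_request

# RFC 5246 section 7.4.1.4.1 registry values
HASH_NAMES = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {1: "rsa", 2: "dsa", 3: "ecdsa"}
CERT_TYPE_NAMES = {1: "rsa_sign", 2: "dss_sign", 64: "ecdsa_sign"}


def parse_certificate_request(msg: bytes) -> dict:
    """Return the decoded fields; raise ValueError on any structural defect,
    including an empty supported_signature_algorithms vector."""
    if len(msg) < 4:
        raise ValueError("truncated handshake header")
    msg_type = msg[0]
    body_len = int.from_bytes(msg[1:4], "big")  # 24-bit handshake length
    if msg_type != HANDSHAKE_CERTIFICATE_REQUEST:
        raise ValueError(f"not a CertificateRequest (handshake type {msg_type})")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("handshake length does not match body")

    pos = 0
    # certificate_types <1..2^8-1>: one-byte length, one byte per type
    n = body[pos]
    pos += 1
    if n < 1 or pos + n > len(body):
        raise ValueError("bad certificate_types vector")
    cert_types = [CERT_TYPE_NAMES.get(b, f"unknown({b})") for b in body[pos:pos + n]]
    pos += n

    # supported_signature_algorithms <2..2^16-2>: two-byte length, 2 bytes per entry
    if pos + 2 > len(body):
        raise ValueError("missing supported_signature_algorithms length")
    sig_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if sig_len < 2 or sig_len % 2 or pos + sig_len > len(body):
        raise ValueError(f"bad supported_signature_algorithms vector (length {sig_len})")
    sig_algs = []
    for i in range(pos, pos + sig_len, 2):
        hash_id, sig_id = body[i], body[i + 1]
        sig_algs.append(f"{SIG_NAMES.get(sig_id, f'sig{sig_id}')}_"
                        f"{HASH_NAMES.get(hash_id, f'hash{hash_id}')}")
    pos += sig_len

    # certificate_authorities <0..2^16-1>: length-prefixed DER DistinguishedNames
    if pos + 2 > len(body):
        raise ValueError("missing certificate_authorities length")
    ca_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if pos + ca_len != len(body):
        raise ValueError("certificate_authorities length mismatch")
    cas = []
    end = pos + ca_len
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated DistinguishedName length")
        dn_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        if pos + dn_len > end:
            raise ValueError("truncated DistinguishedName")
        cas.append(body[pos:pos + dn_len])  # raw DER, not decoded here
        pos += dn_len
    return {"certificate_types": cert_types,
            "signature_algorithms": sig_algs,
            "certificate_authorities": cas}


def diagnose(msg: bytes) -> tuple:
    """(True, summary) for a well-formed request, (False, reason) otherwise."""
    try:
        fields = parse_certificate_request(msg)
    except ValueError as exc:
        return False, f"malformed CertificateRequest: {exc}"
    return True, f"{len(fields['signature_algorithms'])} signature algorithms offered"


# Constructed: cert types rsa_sign+ecdsa_sign, NO signature algorithms, no CAs.
# This mirrors the capture taken before ssl_options.versions.1 = tlsv1.2 was set.
BROKEN_CERT_REQUEST = bytes.fromhex("0d000007" "020140" "0000" "0000")

# Constructed: same cert types, rsa_sha256 / rsa_sha384 / ecdsa_sha256, no CAs.
GOOD_CERT_REQUEST = bytes.fromhex("0d00000d" "020140" "0006040105010403" "0000")

if __name__ == "__main__":
    for label, msg in (("broken", BROKEN_CERT_REQUEST), ("good", GOOD_CERT_REQUEST)):
        print(label, diagnose(msg))
```

Running the script prints the malformed verdict for the first message and "3 signature algorithms offered" for the second; pointing the parser at the bytes Wireshark shows for a real handshake (the handshake message only, without the TLS record header) gives the same yes/no answer the openssl error does, without needing the client to fail first.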

Martin Hinchy

Nov 4, 2021, 11:01:26 PM
to rabbitmq-users
Here is a snip of the Wireshark capture showing part of the TLS handshake message sent from broker to client when tls1.2 was not specified in the RabbitMQ.conf file. No hash algorithms are included in the message.

Capture.png

Here is a snip of the Wireshark capture after tls1.2 was added to the RabbitMQ.conf file. This time there are 11 hash algorithms specified.

capture1.jpg

Luke Bakken

Dec 2, 2021, 9:19:34 AM
to rabbitmq-users
Hi Martin,

I plan on taking a look at this within the next week using the latest versions of Erlang (24.1.7) and RabbitMQ (3.9.11). I think there have been TLS related fixes in Erlang since 24.1 that may affect this.


Luke Bakken

Dec 2, 2021, 12:10:21 PM
to rabbitmq-users
Hi Martin,

I can reproduce the error using Erlang 24.1 on Windows 10, and the issue appears to be resolved using the latest version of Erlang, 24.1.7.

In the future, refer to this page for the latest Windows binaries as well as release notes:



Please give version 24.1.7 a try in your environment.

Thanks,
Luke