Hi
I am trying to connect to RabbitMQ over SSL (amqps). The client is a Go program using the amqp library -
https://github.com/streadway/amqp
I get the following error when I try to connect to rabbitmq over ssl -
ERROR
-----------
rabbitmq logs -
=INFO REPORT==== 9-Sep-2015::10:55:57 ===
started SSL Listener on [::]:5671
=INFO REPORT==== 9-Sep-2015::10:55:57 ===
Management plugin started. Port: 15672
=INFO REPORT==== 9-Sep-2015::10:55:57 ===
Statistics database started.
=INFO REPORT==== 9-Sep-2015::10:55:57 ===
Server startup complete; 7 plugins started.
* rabbitmq_management
* rabbitmq_web_dispatch
* webmachine
* mochiweb
* rabbitmq_management_agent
* amqp_client
* rabbitmq_auth_mechanism_ssl
=ERROR REPORT==== 9-Sep-2015::10:56:12 ===
Error on AMQP connection <0.318.0>:
{ssl_upgrade_error,{options,{ciphers, [{ecdhe_ecdsa,aes_128_cbc,sha256},
{ecdhe_ecdsa,aes_256_cbc,sha},
{ecdhe_ecdsa_aes256_sha384},
{ecdhe_rsa_aes256_sha384},
{ecdh_ecdsa_aes256_sha384},
{ecdh_rsa_aes256_sha384},
{dhe_rsa_aes256_sha256},
{dhe_dss_aes256_sha256},
{aes256_sha256},
{ecdhe_ecdsa_aes128_sha256},
{ecdhe_rsa_aes128_sha256},
{ecdh_ecdsa_aes128_sha256},
{ecdh_rsa_aes128_sha256},
{dhe_rsa_aes128_sha256},
{dhe_dss_aes128_sha256},
{aes128_sha256},
{ecdhe_ecdsa_aes256_sha},
{ecdhe_rsa_aes256_sha},
{dhe_rsa_aes256_sha},
{dhe_dss_aes256_sha},
{ecdh_ecdsa_aes256_sha},
{ecdh_rsa_aes256_sha},
{aes256_sha},
{ecdhe_ecdsa_des_cbc3_sha},
{ecdhe_rsa_des_cbc3_sha},
{edh_rsa_des_cbc3_sha},
{edh_dss_des_cbc3_sha},
{ecdh_ecdsa_des_cbc3_sha},
{ecdh_rsa_des_cbc3_sha},
{des_cbc3_sha},
{ecdhe_ecdsa_aes128_sha},
{ecdhe_rsa_aes128_sha},
{dhe_rsa_aes128_sha},
{dhe_dss_aes128_sha},
{ecdh_ecdsa_aes128_sha},
{ecdh_rsa_aes128_sha},
{aes128_sha},
{ecdhe_ecdsa_rc4_sha},
{ecdhe_rsa_rc4_sha},
{rc4_sha},
{rc4_md5},
{edh_rsa_des_cbc_sha},
{ecdh_ecdsa_rc4_sha},
{ecdh_rsa_rc4_sha},
{des_cbc_sha}]}
Error on the go client -
read tcp 68.140.240.146:45585->
68.140.240.146:5671: read: connection reset by peer
CONFIGURATION
----------------------------
Rabbitmq version -
=INFO REPORT==== 9-Sep-2015::10:55:56 ===
Starting RabbitMQ 3.5.4 on Erlang R16B03
On the erlang shell
2> ssl:versions().
[{ssl_app,"5.3.2"},
{supported,['tlsv1.2','tlsv1.1',tlsv1,sslv3]},
{available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
$ openssl ciphers -v
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1
SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=3DES(168) Mac=SHA1
SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256
ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1
ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1
ECDH-RSA-RC4-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128) Mac=SHA1
ECDH-ECDSA-RC4-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
oncuelinx@oncuelinx-ThinkPad-T520:~$
rabbitmq config
----------------------
% TLS listener settings of the broker as posted; the enclosing config terms
% are not part of this fragment.
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile, "/etc/ssl/certs/cacert.pem"},
{certfile, "/etc/rabbitmq/ssl/rabbitmq.pem"},
{keyfile, "/etc/rabbitmq/ssl/rabbitmq.key"},
% NOTE(review): only the first two entries below are three-element
% {KeyExchange, Cipher, Hash} tuples, the form Erlang's ssl application
% accepts for `ciphers`. Every later entry is a one-element tuple holding a
% single atom, e.g. {ecdhe_ecdsa_aes256_sha384} rather than
% {ecdhe_ecdsa,aes_256_cbc,sha384}. The broker log on this page reports
% ssl_upgrade_error with {options,{ciphers,...}} for this same list, which is
% consistent with the option being rejected before any handshake happens.
{ciphers, [{ecdhe_ecdsa,aes_128_cbc,sha256},
{ecdhe_ecdsa,aes_256_cbc,sha},
{ecdhe_ecdsa_aes256_sha384},
{ecdhe_rsa_aes256_sha384},
{ecdh_ecdsa_aes256_sha384},
{ecdh_rsa_aes256_sha384},
{dhe_rsa_aes256_sha256},
{dhe_dss_aes256_sha256},
{aes256_sha256},
{ecdhe_ecdsa_aes128_sha256},
{ecdhe_rsa_aes128_sha256},
{ecdh_ecdsa_aes128_sha256},
{ecdh_rsa_aes128_sha256},
{dhe_rsa_aes128_sha256},
{dhe_dss_aes128_sha256},
{aes128_sha256},
{ecdhe_ecdsa_aes256_sha},
{ecdhe_rsa_aes256_sha},
{dhe_rsa_aes256_sha},
{dhe_dss_aes256_sha},
{ecdh_ecdsa_aes256_sha},
{ecdh_rsa_aes256_sha},
{aes256_sha},
% NOTE(review): the 3DES entries that follow, and the RC4, single-DES and
% MD5-MAC entries further down, name weak suites; a hardened list would leave
% them out once the tuple format is corrected.
{ecdhe_ecdsa_des_cbc3_sha},
{ecdhe_rsa_des_cbc3_sha},
{edh_rsa_des_cbc3_sha},
{edh_dss_des_cbc3_sha},
{ecdh_ecdsa_des_cbc3_sha},
{ecdh_rsa_des_cbc3_sha},
{des_cbc3_sha},
{ecdhe_ecdsa_aes128_sha},
{ecdhe_rsa_aes128_sha},
{dhe_rsa_aes128_sha},
{dhe_dss_aes128_sha},
{ecdh_ecdsa_aes128_sha},
{ecdh_rsa_aes128_sha},
{aes128_sha},
{ecdhe_ecdsa_rc4_sha},
{ecdhe_rsa_rc4_sha},
{rc4_sha},
{rc4_md5},
{edh_rsa_des_cbc_sha},
{ecdh_ecdsa_rc4_sha},
{ecdh_rsa_rc4_sha},
{des_cbc_sha}]},
% NOTE(review): no `versions` entry is set in ssl_options, and ssl:versions()
% on this host lists sslv3 as supported; a {versions, [...]} entry limited to
% TLS versions would keep SSLv3 out of negotiation.
% verify_peer validates a client certificate against cacertfile when one is
% presented; with fail_if_no_peer_cert set to false a client that presents
% none is still accepted at the TLS layer. If certificate-based (EXTERNAL)
% login is the intent, confirm whether this should be true.
{verify, verify_peer},
{fail_if_no_peer_cert, false}]},
% NOTE(review): auth_mechanisms is given twice; which entry takes effect is
% not visible from this fragment. Keep a single entry listing the mechanisms
% actually intended.
{auth_mechanisms, ['PLAIN', 'AMQPLAIN']},
{auth_mechanisms, ['EXTERNAL']},
% Handshake timeout value as configured (10000).
{ssl_handshake_timeout, 10000}
Go version -
$ go version
go version go1.5 linux/amd64
The Go crypto/tls library supports only 3 types of curves -
// Named-curve identifiers as quoted from Go's crypto/tls; the numeric values
// are the TLS named-curve registry IDs for the NIST prime curves.
// NOTE(review): the broker-side error on this page is raised on the `ciphers`
// option, so nothing shown here indicates that curve support is involved.
const (
CurveP256 CurveID = 23 // secp256r1
CurveP384 CurveID = 24 // secp384r1
CurveP521 CurveID = 25 // secp521r1
)
I have been stuck on this problem for many days. Is there something wrong with my config?
Any help is greatly appreciated.
Thanks