Disabling some of the weak ciphers in Rabbit MQ

[Surabhi Diwan Ahuja]

Hi,

I am trying to get RabbitMQ to support only certain ciphers but making any edits to the rabbitmq.config is not getting reflected in the system as below.

At startup time the rabbitmq.config looks like

[

  {rabbit, [

     {ssl_listeners, [5672]},

    {tcp_listeners, []},

     {ssl_options, [{cacertfile,"/{PATH}/cacert.pem"},

                    {certfile,"{PATH}/server.pem"},

                    {keyfile,"{PATH}/server.pem"},

                    {verify,verify_peer},

                    {fail_if_no_peer_cert,false}]},

     {heartbeat,30}

   ]}

]. 

And the command usr/sbin/rabbitmqctl eval 'ssl:cipher_suites().' lists a whole bunch of ciphers

[{dhe_rsa,aes_256_cbc,sha256},

{dhe_dss,aes_256_cbc,sha256},

{rsa,aes_256_cbc,sha256},

{dhe_rsa,aes_128_cbc,sha256},

{dhe_dss,aes_128_cbc,sha256},

{rsa,aes_128_cbc,sha256},

{dhe_rsa,aes_256_cbc,sha},

{dhe_dss,aes_256_cbc,sha},

{rsa,aes_256_cbc,sha},

{dhe_rsa,'3des_ede_cbc',sha},

{dhe_dss,'3des_ede_cbc',sha},

{rsa,'3des_ede_cbc',sha},

{dhe_rsa,aes_128_cbc,sha},

{dhe_dss,aes_128_cbc,sha},

{rsa,aes_128_cbc,sha},

{rsa,rc4_128,sha},

{rsa,rc4_128,md5},

{dhe_rsa,des_cbc,sha},

{rsa,des_cbc,sha}]

Where is this being read from?

On editing the rabbitmq.config to include the ciphers under ssl_options like below:

[
  {rabbit, [
     {ssl_listeners, [5672]},
     {tcp_listeners, []},
     {ssl_options, [{cacertfile,"/etc/rabbitmq/certs/ca/cacert.pem"},
                    {certfile,"/etc/rabbitmq/certs/server/cert.pem"},
                    {keyfile,"/etc/rabbitmq/certs/server/key.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false},
                    {ciphers,[{dhe_rsa,aes_256_cbc,sha},
                                  {dhe_dss,aes_256_cbc,sha},
                                  {rsa,aes_256_cbc,sha}]}]},
     {heartbeat,30}
   ]}
].

There is not change in the output of the usr/sbin/rabbitmqctl eval 'ssl:cipher_suites().' command.How do I verify that the selected ciphers are being used? Is there a different command to check the config? OR a separate test suite for verifying this?

Thanks a lot for your help!

Surabhi

[Michael Klishin]

On 21 November 2014 at 20:55:24, Surabhi Diwan Ahuja (diwan....@gmail.com) wrote:
> I am trying to get RabbitMQ to support only certain ciphers but
> making any edits to the rabbitmq.config is not getting reflected
> in the system as below.

Make sure RabbitMQ reads your config file (e.g. it is in the correct location). 

It should be visible in the log (and management UI in 3.4.x).
--
MK

Staff Software Engineer, Pivotal/RabbitMQ

[Surabhi Diwan Ahuja]

Hi Michael,

Thanks for the prompt reply. I am also beginning to wonder if my rabbitmq.config is being read at all.

Here is the snapshot from the  rab...@localhost.log after a recent re-start that I triggered.


=INFO REPORT==== 21-Nov-2014::22:51:33 ===
Starting RabbitMQ 3.2.4 on Erlang R16B03
Copyright (C) 2007-2013 GoPivotal, Inc.
Licensed under the MPL.  See http://www.rabbitmq.com/

=INFO REPORT==== 21-Nov-2014::22:51:33 ===
node           : rabbit@localhost
home dir       : /var/lib/rabbitmq
config file(s) : /etc/rabbitmq/rabbitmq.config
cookie hash    : +O1Z+U/2CRBe+vQwVCJeaQ==
log            : /var/log/rabbitmq/rab...@localhost.log
sasl log       : /var/log/rabbitmq/rab...@localhost-sasl.log
database dir   : /var/lib/rabbitmq/mnesia/rabbit@localhost

=INFO REPORT==== 21-Nov-2014::22:51:33 ===
Limiting to approx 99900 file handles (89908 sockets)

=INFO REPORT==== 21-Nov-2014::22:51:33 ===
Memory limit set to 3200MB of 8001MB total.

=INFO REPORT==== 21-Nov-2014::22:51:33 ===
Disk free limit set to 50MB

=INFO REPORT==== 21-Nov-2014::22:51:33 ===
msg_store_transient: using rabbit_msg_store_ets_index to provide index

=INFO REPORT==== 21-Nov-2014::22:51:33 ===
msg_store_persistent: using rabbit_msg_store_ets_index to provide index

=INFO REPORT==== 21-Nov-2014::22:51:33 ===
started SSL Listener on [::]:5672

=INFO REPORT==== 21-Nov-2014::22:51:33 ===
Server startup complete; 0 plugins started.

And the rabbitmq.config has an error just to verify that is being read at all is going on.Looks like the location points to this file. But its contents are not being read. It looks like below :

[
  {rabbit, [
     {ssl_listeners, [5672]},
     {tcp_listeners, []},

     {ssl_options, [{cacertfile,"/etc/apache2/vcacca/cacert.pem"},
                    {certfile,"/etc/apache2/server.pem"},
                    {keyfile,"/etc/apache2/server.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false},
                    {ciphers,[{surabhi,aes_256_cbc,sha}]}
                    ]},
     {heartbeat,30}
   ]}
].

And its permissions are like below
-r--------  1 rabbitmq rabbitmq  456 Nov 21 22:51 rabbitmq.config

It lives inside the /etc/rabbitmq folder with permissions like
drwxr-xr-x  2 root root    4.0K Nov 21 22:57 rabbitmq

Do you think the rabbitmq folder needs to be owned by rabbitmq as well? Or is there something funky going on here.

Thanks a lot!
Surabhi

[Surabhi Diwan Ahuja]

So I do see an error in the logs like

=ERROR REPORT==== 21-Nov-2014::23:09:05 ===
error on AMQP connection <0.953.0>: {ssl_upgrade_error,
                                     {options,
                                      {ciphers,[{surabhi,aes_256_cbc,sha}]}}} (unknown POSIX error)

but the output of  rabbitmqctl eval 'ssl:cipher_suites().'

is still very much the following list.

[{dhe_rsa,aes_256_cbc,sha256},
 {dhe_dss,aes_256_cbc,sha256},
 {rsa,aes_256_cbc,sha256},
 {dhe_rsa,aes_128_cbc,sha256},
 {dhe_dss,aes_128_cbc,sha256},
 {rsa,aes_128_cbc,sha256},
 {dhe_rsa,aes_256_cbc,sha},
 {dhe_dss,aes_256_cbc,sha},
 {rsa,aes_256_cbc,sha},
 {dhe_rsa,'3des_ede_cbc',sha},
 {dhe_dss,'3des_ede_cbc',sha},
 {rsa,'3des_ede_cbc',sha},
 {dhe_rsa,aes_128_cbc,sha},
 {dhe_dss,aes_128_cbc,sha},
 {rsa,aes_128_cbc,sha},
 {rsa,rc4_128,sha},
 {rsa,rc4_128,md5},
 {dhe_rsa,des_cbc,sha},
 {rsa,des_cbc,sha}]

...done.

I am having a hard time figuring out where are these ciphers defined.

Thanks again!

[Michael Klishin]

On 21 November 2014 at 23:00:49, Surabhi Diwan Ahuja (diwan....@gmail.com) wrote:
> config file(s) : /etc/rabbitmq/rabbitmq.config

If your config file is in at the above location, it is read.

You're configuring rabbit.ssl_options.ciphers but checking with ssl:cipher_suites/0.
The ssl app doesn't use RabbitMQ configuration. Either configure ssl as well (ssl.ciphers)
or verify with openssl s_client. 

[Surabhi Diwan Ahuja]

Thanks again! Quick question ; which config file is read by the Erlang SSL app? I am guessing that is the place where I add the ssl.ciphers configuration.

Surabhi

[Michael Klishin]

On 24 November 2014 at 22:24:48, Surabhi Diwan Ahuja (diwan....@gmail.com) wrote:
> Quick question ; which config file is read by the Erlang SSL app?
> I am guessing that is the place where I add the ssl.ciphers configuration.

The file is the same. See https://gist.github.com/michaelklishin/3f47bae850bdd9f1a79a,
for example. 

[Michael Klishin]

On 24 November 2014 at 23:39:33, Surabhi Diwan Ahuja (diwan....@gmail.com) wrote:
> > but for some reason the Erlang SSL library command for still
> gives sslv3
>
> /usr/sbin/rabbitmqctl eval 'ssl:versions().'
> [{ssl_app,"5.3.2"},
> {supported,['tlsv1.2','tlsv1.1',tlsv1,sslv3]},
> {available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
> ...done.
>
>
> still gives out a humungous list like below:
>
> vcac148-085-023:/etc/rabbitmq # /usr/sbin/rabbitmqctl
> eval 'ssl:cipher_suites().'

> [{dhe_rsa,aes_256_cbc,sha256},
> {dhe_dss,aes_256_cbc,sha256},
> {rsa,aes_256_cbc,sha256},
> {dhe_rsa,aes_128_cbc,sha256},
> {dhe_dss,aes_128_cbc,sha256},
> {rsa,aes_128_cbc,sha256},
> {dhe_rsa,aes_256_cbc,sha},
> {dhe_dss,aes_256_cbc,sha},
> {rsa,aes_256_cbc,sha},
> {dhe_rsa,'3des_ede_cbc',sha},
> {dhe_dss,'3des_ede_cbc',sha},
> {rsa,'3des_ede_cbc',sha},
> {dhe_rsa,aes_128_cbc,sha},
> {dhe_dss,aes_128_cbc,sha},
> {rsa,aes_128_cbc,sha},
> {rsa,rc4_128,sha},
> {rsa,rc4_128,md5},
> {dhe_rsa,des_cbc,sha},
> {rsa,des_cbc,sha}]

> ...done.
>
>
> Do you know what could be the problem now?

These are supported values. It doesn't mean that they will actually be used by servers that use TLS sockets (e.g. RabbitMQ). Try connecting with -ssl3 with s_client, for example.

Or simply use RabbitMQ 3.4.x, which will refuse to accept connections that use SSLv3 (by default, it can be overridden to allow SSLv3) .

[jayashree gn]

Hi MK, 

Sorry for hijacking this conversation. But it seems like i am running into a similar issue. And i was told that just using RabbitMQ 3.4.x will not be sufficient to disable SSLv3. 

It will also require erlang to be upgraded to R16B03? 

I use rabbitmq debian package(ubuntu 12.4) which my default installs Erlang R14B04.

Is upgrading erlang an only option? Its confusing because there is no reference to this in the documentation. And the changelog states that upding to 3.4.0 provised the fix to turn off sslv3.

I am having hard time to understand what is required and what is not.. to be sure to promote anything to production with SSLv3 turned off. 

Any reference to this which makes this clear will be extremely helpful. 

Thank you!!!

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To post to this group, send an email to rabbitm...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Michael Klishin]

On 24 November 2014 at 23:59:43, jayashree gn (jaish...@gmail.com) wrote:
> And i was told that just using RabbitMQ 3.4.x will not be sufficient
> to disable SSLv3.

Who says that?

From https://www.rabbitmq.com/ssl.html:

«As of RabbitMQ 3.4.0, SSLv3 is disabled automatically to prevent the POODLE attack.»

> It will also require erlang to be upgraded to R16B03(http://www.erlang.org/download_release/22)?

But not because of the POODLE disclosure.

 There are plenty of limitations earlier versions have
w.r.t. TLS/SSL support. They are minor but can be a deal breaker and instead of
constantly telling people to upgrade, we simply bumped the requirement for TLS
connections.

[Surabhi Diwan Ahuja]

Thanks Michael,

This really helped me out. Just wondering is there explicit documentation about limiting ciphers on the RabbitMQ . I could not find any :(.

You were a real life saver in this scenario!

--
You received this message because you are subscribed to a topic in the Google Groups "rabbitmq-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rabbitmq-users/bb2gGjO41p0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rabbitmq-user...@googlegroups.com.

[Michael Klishin]

 On 25 November 2014 at 00:45:21, Surabhi Diwan Ahuja (diwan....@gmail.com) wrote:
> This really helped me out. Just wondering is there explicit
> documentation about limiting ciphers on the RabbitMQ . I could
> not find any :(.
>
> You were a real life saver in this scenario!

There's nothing RabbitMQ-specific (although we perhaps should extend our docs).

Take a look at

http://rabbitmq.1065348.n5.nabble.com/Restriction-to-specific-ciphers-for-ssl-communications-td15583.html
https://terinstock.com/blog/2014/07/02/tls-with-erlang.html
http://erlang.org/doc/man/ssl.html

HTH.

[Surabhi Diwan Ahuja]

- I had gone through all these. :( . Unfortunately I did not see anywhere what you had suggested i.e specifying the ciphers in the the ssl descriptor in the rabbitmq.config.

- For the longest time I was trying to determine which config file is read by the erlang ssl library as that would be the most likely candidate for change.

I know writing docs sucks but it is a life saver for everybody!

:)

[Michael Klishin]

On 25 November 2014 at 00:56:36, Surabhi Diwan Ahuja (diwan....@gmail.com) wrote:
> I know writing docs sucks but it is a life saver for everybody!

Already filed a bug for adding a section on ciphers to our docs.

[Surabhi Diwan Ahuja]

Great ! You rock!

[Michael Klishin]

> Who says that?
>
> From https://www.rabbitmq.com/ssl.html:
>
> «As of RabbitMQ 3.4.0, SSLv3 is disabled automatically to prevent
> the POODLE attack.»

I figured you may be referring to OTP-10905 [1] as I myself mention in [2].

That information is correct (hey, I don't typically contradict myself!) but
we added the R16B03 requirement for TLS prior to the POODLE disclosure.

1. http://www.erlang.org/documentation/doc-5.10.2/lib/ssl-5.3/doc/html/notes.html
2. https://gist.github.com/michaelklishin/3f47bae850bdd9f1a79a