Attempt TLS Connection to Broker failed with error - read:errno=104

952 views
Skip to first unread message

Suvarnnan Vasudev

unread,
May 9, 2019, 2:31:58 AM5/9/19
to rabbitmq-users
Hi,

   We have been trying to connect to RabbitMQ broker using webstomp protocol in secure mode.

We have done following 
1) Simply started RabbitMQ server with attached the rabbitmq.conf.

Observation:- Connection is working and Angular client is getting posted queue messages.

Now we changed to SSL mode .and following steps were tried out 
1)RabbitMq server configured with ssl options with genertaed certificates as specified by RabbitMQ documentation
2) tried secure webscocket connection to RabbitMQ using brokerURL: 'wss://127.0.0.1:15673/ws',
   But connection establishment failed..
   
We tried TLS troubleshooting options (https://www.rabbitmq.com/troubleshooting-ssl.html)
1) Verified our certificates using tools like s_server  and s-client  
2) Tried to connect s_client to RabbitMq ssl port

 Step1 is passing step2 we got error - read:errno=104

C:\Users\IC002275>openssl s_client -connect localhost:5671 -cert D:\sprint43\tls-gen-master\result\client_certificate.pem -key D:\sprint43\tls-gen-master\result\client_key.pem -CAfile D:\sprint43\tls-gen-master\result\ca_certificate.pem
CONNECTED(00000004)
depth=1 CN = TLSGenSelfSignedtRootCA, L = $$$$
verify return:1
depth=0 CN = md1uu1ec, O = server
verify return:1
---
Certificate chain
 0 s:CN = md1uu1ec, O = server
   i:CN = TLSGenSelfSignedtRootCA, L = $$$$
 1 s:CN = TLSGenSelfSignedtRootCA, L = $$$$
   i:CN = TLSGenSelfSignedtRootCA, L = $$$$
---
Server certificate
subject=CN = md1uu1ec, O = server

issuer=CN = TLSGenSelfSignedtRootCA, L = $$$$

---
Acceptable client certificate CA names
CN = TLSGenSelfSignedtRootCA, L = $$$$
Client Certificate Types: ECDSA sign, RSA sign, DSA sign
Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3611 bytes and written 3669 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: D84EF0A2D932FE83764818EAD06674271BC8259892EBB56118F96CD4783DA480
    Session-ID-ctx:
    Master-Key: 3F84DED5ACF6780185188A04D511A39648816348BC9624DDAAE551096CA2B0191BE0CEBAA8B5393C279BD7DD277B6BC1
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1557381400
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
read:errno=104


Our goal is to achieve Angular client connecting to RabbitMQ server using secure websocket.
Could you please give any hint for solving the issue mentioned or any examples of using secure WebSocket connection to RabbitMQ server?

Regards
Suvarnnan
rabbitmq.conf

Michael Klishin

unread,
May 13, 2019, 4:30:53 PM5/13/19
to rabbitmq-users
A quick search suggests that errno = 104 means "TCP connection failed". The messages seems to suggest the same.
Start with [1].


--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To post to this group, send email to rabbitm...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/ebb3f727-8594-4540-bd44-3a8da8606b50%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
MK

Staff Software Engineer, Pivotal/RabbitMQ
Reply all
Reply to author
Forward
0 new messages