RabbitMQ java client is not able to connect with TLS


Rupali Roychoudhury

Sep 28, 2018, 5:31:22 AM
to rabbitmq-users

Goal: I am researching RabbitMQ's passwordless authentication. My aim is for a simple Java client to connect to the RabbitMQ server with TLS.

Platform:

  • rabbit-server version 3.7.7
  • erlang version 21.0.1

Steps taken according to the documentation:

I am referring to the documentation at https://www.rabbitmq.com/ssl.html

1) I have generated CA, Certificates, private keys as mentioned in (https://www.rabbitmq.com/ssl.html#manual-certificate-generation)

2) The essential settings related to TLS are done in rabbitmq.config as follows (https://www.rabbitmq.com/ssl.html#enabling-tls):

[{
    rabbit, [
    {
        tcp_listeners, [5672]
    },{
    tcp_listeners, [{"127.0.0.1", 5672},
                     {"::1",       5672}]
    },
    {password_hashing_module, rabbit_password_hashing_sha512},

    {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']},

    {ssl_listeners, [5671]},

    {ssl_options, [{cacertfile, "/path/to/ca_certificate_bundle.pem"},
                    {certfile,   "/path/to/server_certificate.pem"},
                    {keyfile,    "/path/to/server/private_key.pem"},
                    {password, "password"},
                    {verify,     verify_peer},
                    {fail_if_no_peer_cert, false}]}
    ]
}]. 

3) I have verified that TLS is enabled in the log file (https://www.rabbitmq.com/ssl.html#enabling-tls-verify-configuration)

4) I am setting up a simple example java client to RabbitMQ server over TLS without validating certificates as mentioned in https://www.rabbitmq.com/ssl.html#java-client-connecting

Issue:

After I run the code, I get an ssl exception as follows:

Exception in thread "main" javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
        at sun.security.ssl.InputRecord.handleUnknownRecord(Unknown Source)
        at sun.security.ssl.InputRecord.read(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
        at sun.security.ssl.AppOutputStream.write(Unknown Source)
        at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
        at java.io.BufferedOutputStream.flush(Unknown Source)
        at java.io.DataOutputStream.flush(Unknown Source)
        at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:147)
        at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:153)
        at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:285)
        at com.rabbitmq.client.impl.recovery.RecoveryAwareAMQConnectionFactory.newConnection(RecoveryAwareAMQConnectionFactory.java:62)
        at com.rabbitmq.client.impl.recovery.AutorecoveringConnection.init(AutorecoveringConnection.java:99)
        at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:900)
        at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:859)
        at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:817)
        at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:954)
        at Example1.main(Example1.java:17)

In Example1.java the line fails at Connection conn = factory.newConnection();

I have searched on the net for this exception, but the solutions offered do not seem to be related. Can you please tell me where I am going wrong?


Luke Bakken

Sep 28, 2018, 10:42:15 AM
to rabbitmq-users
Hi Rupali -

Please use the instructions here to verify that you have TLS/SSL set up correctly:

https://www.rabbitmq.com/troubleshooting-ssl.html

Specifically, use openssl s_client to ensure that RabbitMQ is listening on port 5671 and that the expected server certificate is presented.

Thanks,
Luke

Michael Klishin

Sep 28, 2018, 11:57:10 AM
to rabbitm...@googlegroups.com
I suspect that you attempt to connect to port 5672, which is not TLS-enabled.

Please start with [1] and consider sharing relevant sections of your code.




--
MK

Staff Software Engineer, Pivotal/RabbitMQ
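
An added example, not part of the thread or of the RabbitMQ project's code: a Java client that first runs a bare TLS handshake against the `ssl_listeners` port from the posted config, so that a plaintext listener is told apart from a certificate trust problem, and then opens the AMQP connection with server certificate verification. The host, the trust store path, the `TRUSTSTORE_PASS` environment variable and the client version are assumptions.

```java
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class TlsConnectCheck {
    public static void main(String[] args) throws Exception {
        String host = "localhost";   // assumption: broker runs on this machine
        int tlsPort = 5671;          // ssl_listeners value from the posted config

        // Assumption: a JKS trust store holding the CA certificate (built with keytool).
        // A null password only skips the store integrity check; certificates still load.
        String pass = System.getenv("TRUSTSTORE_PASS");
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream("/path/to/truststore.jks")) {
            trustStore.load(in, pass == null ? null : pass.toCharArray());
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, tmf.getTrustManagers(), null);

        // Preflight: handshake only, no AMQP yet.
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, tlsPort)) {
            s.setSoTimeout(5000);
            s.startHandshake();
            System.out.println("TLS handshake OK: " + s.getSession().getProtocol()
                + ", peer " + s.getSession().getPeerPrincipal());
        } catch (SSLException e) {
            // "Unrecognized SSL message, plaintext connection?" here means the listener
            // answered without TLS (for example the tcp_listeners port 5672).
            // Other SSLExceptions usually point at trust store or certificate problems.
            System.err.println("Handshake failed on port " + tlsPort + ": " + e.getMessage());
            return;
        }

        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost(host);
        factory.setPort(tlsPort);             // explicit: 5672 is the plaintext listener
        factory.useSslProtocol(ctx);          // verifies the server certificate chain
        factory.enableHostnameVerification(); // assumption: Java client 4.8+ or 5.4+
        try (Connection conn = factory.newConnection()) {
            System.out.println("AMQP over TLS connected to " + conn.getAddress());
        }
    }
}
```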