rabbitmq_web_mqtt ssl not working


jonas S.

Feb 14, 2017, 3:38:29 PM2/14/17
to rabbitmq-users
I'm trying to get ssl websockets to work. (wss://) 
I'm receiving "net::ERR_CONNECTION_CLOSED" and I'm not sure what I'm doing wrong. There aren't really any docs, so I based my configuration on the docs for STOMP, but this doesn't seem to work either.

For the ssl certificate, I used the openssl example in the docs.

This is my rabbitmq config.

%% RabbitMQ configuration in Erlang-term format, one tuple per application:
%% the core broker (rabbit), the MQTT plugin and the Web MQTT plugin.
[
  {rabbit, [
     %% TLS listener of the core broker.
     {ssl_listeners, [5671]},
     %% NOTE(review): this section loads the same key file as the
     %% rabbitmq_web_mqtt section below but, unlike it, sets no {password, ...}.
     %% A passphrase-protected key needs the password in every section that
     %% loads it.
     %% The CA path contains "testca" - presumably the throwaway CA from the
     %% docs' openssl example; confirm before using it beyond testing.
     {ssl_options, [{cacertfile,"/etc/rabbitmq/ssl/testca/cacert.pem"},
                    {certfile,"/etc/rabbitmq/ssl/server/cert.pem"},
                    {keyfile,"/etc/rabbitmq/ssl/server/key.pem"},
                    %% verify_peer combined with fail_if_no_peer_cert = false:
                    %% a client certificate is validated when one is presented,
                    %% but clients that present none are still accepted.
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]},
  {rabbitmq_mqtt, [
                  %% MQTT over TLS.
                  {ssl_listeners,    [8883]},
                  %% Plaintext MQTT stays enabled next to the TLS listener;
                  %% credentials sent to this port are not encrypted in transit.
                  {tcp_listeners,    [1883]}
                  ]},
  %% TLS (wss://) listener of the Web MQTT plugin.
  %% NOTE(review): no verify option is set in this section, so peer
  %% verification presumably falls back to the default for this listener -
  %% confirm if client certificates are expected here.
  {rabbitmq_web_mqtt, [{ssl_config, [{port,       15678},
                     {backlog,    1024},
                     {cacertfile,"/etc/rabbitmq/ssl/testca/cacert.pem"},
                     {certfile,"/etc/rabbitmq/ssl/server/cert.pem"},
                     {keyfile,"/etc/rabbitmq/ssl/server/key.pem"},
                     %% Passphrase of the private key, stored in cleartext:
                     %% keep this file readable only by the broker's user.
                     {password,"rabbitmq"}]}]}
].


This is my javascript.

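// Connect to the RabbitMQ Web MQTT listener over TLS (wss://).
// The browser validates the server certificate during the TLS handshake: the
// issuing CA must be trusted by the browser and the certificate must match the
// host used in this URL, otherwise the connection is dropped before any MQTT
// traffic is exchanged.
const client = mqtt.connect('wss://[IP_ADDRESS]:15678/ws', {
  username: "---",
  password: "---"
});

// Subscribe only after the broker has accepted the connection.
client.on('connect', function () {
  console.log("Connected to Websocket");
  client.subscribe('frontend');
});

// Report failures instead of failing silently. Browsers expose very little
// detail about TLS errors to scripts, so the broker log remains the place to
// look for the actual cause.
client.on('error', function (err) {
  console.error("MQTT client error:", err);
});

// Logged whenever the underlying socket is closed, including a handshake that
// the server or the browser aborted.
client.on('close', function () {
  console.warn("MQTT connection closed");
});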

Does anyone know what could be the issue?

Michael Klishin

Feb 14, 2017, 3:56:33 PM2/14/17
to rabbitm...@googlegroups.com
1. See server logs.
2. See http://www.rabbitmq.com/troubleshooting-ssl.html (the port will need adjustment, of course)




--
MK

Staff Software Engineer, Pivotal/RabbitMQ

jonas S.

Feb 15, 2017, 5:19:52 AM2/15/17
to rabbitmq-users

I'm too unfamiliar with this to find the issue. I did the troubleshooting, the SSL returned ok.

This is my error report. I believe I'm receiving this error without a client connecting.

=ERROR REPORT==== 15-Feb-2017::11:11:06 ===
** State machine <0.2817.0> terminating 
** Last message in was {tcp,#Port<0.25347>,
                            <<22,3,1,0,186,1,0,0,182,3,3,202,254,122,243,10,
                              143,77,96,74,148,234,56,101,33,100,10,12,82,180,
                              49,35,12,170,15,184,68,13,94,253,222,57,26,0,0,
                              32,202,202,192,43,192,47,192,44,192,48,204,169,
                              204,168,204,20,204,19,192,19,192,20,0,156,0,157,
                              0,47,0,53,0,10,1,0,0,109,122,122,0,0,255,1,0,1,
                              0,0,0,0,22,0,20,0,0,17,118,112,115,49,55,55,56,
                              48,48,46,111,118,104,46,110,101,116,0,23,0,0,0,
                              35,0,0,0,13,0,20,0,18,4,3,8,4,4,1,5,3,8,5,5,1,8,
                              6,6,1,2,1,0,5,0,5,1,0,0,0,0,0,18,0,0,117,80,0,0,
                              0,11,0,2,1,0,0,10,0,10,0,8,250,250,0,29,0,23,0,
                              24,250,250,0,1,0>>}
** When State == hello
**      Data  == {state,server,
                     {#Ref<0.0.0.10665>,<0.2820.0>},
                     gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,
                     "localhost",15678,#Port<0.25347>,
                     {ssl_options,undefined,
                         [{3,3},{3,2},{3,1},{3,0}],
                         verify_none,
                         {#Fun<ssl.1.69131459>,[]},
                         false,false,undefined,1,
                         <<"/etc/rabbitmq/ssl/server/cert.pem">>,undefined,
                         <<"/etc/rabbitmq/ssl/server/key.pem">>,undefined,
                         undefined,undefined,
                         <<"/etc/rabbitmq/ssl/testca/cacert.pem">>,undefined,
                         undefined,undefined,undefined,undefined,
                         [<<"À$">>,<<"À(">>,<<"À&">>,<<"À*">>,
                          <<0,107>>,
                          <<0,106>>,
                          <<0,61>>,
                          <<"À#">>,<<"À'">>,<<"À%">>,<<"À)">>,
                          <<0,103>>,
                          <<0,64>>,
                          <<0,60>>,
                          <<"À\n">>,
                          <<192,20>>,
                          <<0,57>>,
                          <<0,56>>,
                          <<192,5>>,
                          <<192,15>>,
                          <<0,53>>,
                          <<"À\b">>,
                          <<192,18>>,
                          <<0,22>>,
                          <<0,19>>,
                          <<192,3>>,
                          <<"À\r">>,
                          <<0,10>>,
                          <<"À\t">>,
                          <<192,19>>,
                          <<0,51>>,
                          <<0,50>>,
                          <<192,4>>,
                          <<192,14>>,
                          <<0,47>>,
                          <<192,7>>,
                          <<192,17>>,
                          <<0,5>>,
                          <<0,4>>,
                          <<0,21>>,
                          <<192,2>>,
                          <<"À\f">>,
                          <<0,9>>],
                         #Fun<ssl.0.69131459>,true,268435456,false,undefined,
                         undefined,false,undefined,undefined,true,undefined},
                     {socket_options,binary,0,0,0,false},
                     {connection_states,
                         {connection_state,
                             {security_parameters,
                                 <<0,0>>,
                                 0,0,0,0,0,0,0,0,0,0,0,undefined,undefined,
                                 undefined,undefined},
                             undefined,undefined,undefined,undefined,0,
                             undefined,undefined,undefined},
                         {connection_state,
                             {security_parameters,undefined,0,undefined,
                                 undefined,undefined,undefined,undefined,
                                 undefined,undefined,undefined,undefined,
                                 undefined,undefined,undefined,
                                 <<88,164,41,58,70,27,46,123,172,56,115,169,
                                   238,205,212,228,35,66,211,233,166,81,157,39,
                                   197,109,131,227,243,167,142,136>>,
                                 undefined},
                             undefined,undefined,undefined,undefined,
                             undefined,undefined,undefined,undefined},
                         {connection_state,
                             {security_parameters,
                                 <<0,0>>,
                                 0,0,0,0,0,0,0,0,0,0,0,undefined,undefined,
                                 undefined,undefined},
                             undefined,undefined,undefined,undefined,0,
                             undefined,undefined,undefined},
                         {connection_state,
                             {security_parameters,undefined,0,undefined,
                                 undefined,undefined,undefined,undefined,
                                 undefined,undefined,undefined,undefined,
                                 undefined,undefined,undefined,
                                 <<88,164,41,58,70,27,46,123,172,56,115,169,
                                   238,205,212,228,35,66,211,233,166,81,157,39,
                                   197,109,131,227,243,167,142,136>>,
                                 undefined},
                             undefined,undefined,undefined,undefined,
                             undefined,undefined,undefined,undefined}},
                     {protocol_buffers,[],<<>>,<<>>,[]},
                     {[],[]},
                     118843,
                     {session,undefined,undefined,
                         <<48,130,2,234,48,130,1,210,160,3,2,1,2,2,1,1,48,13,6,
                           9,42,134,72,134,247,13,1,1,11,5,0,48,19,49,17,48,15,
                           6,3,85,4,3,19,8,77,121,84,101,115,116,67,65,48,30,
                           23,13,49,55,48,50,49,53,48,57,51,53,49,54,90,23,13,
                           49,56,48,50,49,53,48,57,51,53,49,54,90,48,45,49,26,
                           48,24,6,3,85,4,3,12,17,118,112,115,49,55,55,56,48,
                           48,46,111,118,104,46,110,101,116,49,15,48,13,6,3,85,
                           4,10,12,6,115,101,114,118,101,114,48,130,1,34,48,13,
                           6,9,42,134,72,134,247,13,1,1,1,5,0,3,130,1,15,0,48,
                           130,1,10,2,130,1,1,0,187,44,37,227,3,202,40,86,199,
                           219,70,245,228,25,213,199,181,178,67,32,20,210,93,
                           144,33,250,67,150,35,28,144,117,25,106,113,166,113,
                           221,47,177,226,47,167,174,112,64,197,115,144,155,
                           144,201,21,186,3,123,188,147,37,46,179,13,134,88,
                           168,217,173,59,26,4,117,36,17,180,212,166,85,250,
                           184,161,251,47,211,41,157,166,75,13,84,254,253,120,
                           213,169,220,223,35,64,126,206,200,236,54,61,151,137,
                           128,65,245,128,56,212,236,211,127,154,163,69,208,
                           104,246,36,214,229,162,121,121,36,6,216,163,139,162,
                           194,220,128,184,150,123,62,78,209,166,175,30,235,31,
                           192,246,99,254,128,15,198,97,3,196,251,158,64,76,
                           175,152,243,189,96,154,236,191,75,250,133,134,27,
                           133,116,60,190,17,242,40,70,243,108,248,98,0,167,72,
                           158,228,195,33,64,80,219,208,112,140,69,184,162,171,
                           193,63,58,108,10,62,241,39,126,158,7,148,154,47,159,
                           4,228,217,110,162,228,118,117,247,134,157,15,178,
                           196,245,173,71,214,93,85,178,169,54,205,149,106,76,
                           50,160,120,177,8,12,139,21,11,222,49,2,3,1,0,1,163,
                           47,48,45,48,9,6,3,85,29,19,4,2,48,0,48,11,6,3,85,29,
                           15,4,4,3,2,5,32,48,19,6,3,85,29,37,4,12,48,10,6,8,
                           43,6,1,5,5,7,3,1,48,13,6,9,42,134,72,134,247,13,1,1,
                           11,5,0,3,130,1,1,0,10,28,240,165,217,245,15,3,171,
                           163,32,218,86,180,188,1,3,119,112,111,108,201,186,
                           235,48,19,250,51,63,167,59,79,73,173,105,55,4,76,
                           230,60,209,112,31,166,24,59,230,226,80,80,200,51,42,
                           192,125,67,111,158,74,191,90,86,51,175,199,12,182,
                           88,126,202,84,85,99,111,211,237,59,151,136,42,241,
                           101,58,213,65,23,115,219,146,7,61,75,108,246,163,
                           110,105,211,213,81,18,101,85,164,132,142,89,123,67,
                           61,202,206,141,2,122,119,76,206,54,117,57,204,122,
                           81,36,55,228,186,197,189,151,33,138,159,117,146,68,
                           107,126,76,16,151,75,105,86,245,197,150,115,124,92,
                           51,108,29,129,21,187,27,84,149,64,192,217,168,68,
                           147,122,22,165,244,137,149,76,76,233,204,67,153,243,
                           10,214,35,153,167,177,107,152,189,21,13,179,213,91,
                           106,59,69,213,107,18,203,88,226,230,52,155,49,177,
                           254,96,218,47,21,244,109,16,233,45,193,145,35,142,
                           12,211,225,242,139,125,167,53,205,192,254,175,88,
                           106,27,147,206,164,244,11,203,104,115,212,180,177,
                           159,201,143,69,94,62,60,133,64>>,
                         undefined,undefined,undefined,undefined,new,
                         63654376266,undefined},
                     131134,ssl_session_cache,undefined,false,undefined,
                     {undefined,undefined},
                     undefined,undefined,
                     {'RSAPrivateKey','two-prime',
                         23628333216482449263100801346041046458605837360736067303502700653356414111130055741504877789659742695747526781310615107848526513810978179657465359728422586958780232267756255863872960778468493590458388646328093419093643378901034509635476889605848490550631688364208759654475517804187545112508374653254807115603855141930239198558346295932046596372986178217331814609167917483390820779008555735142826304539057368048859495700967105791816939034134948282230388585727390771744486047814201954415609097430922790704219457963602606554105912338544593784024729503338978671223867135504758845262725526455652286349376879050888760254001,
                         65537,
                         620839980450474962708997664187904267844412346234760637451083365504672858070493858230791759674597203443508874642062944835973002377016104267362792765191322378854991225797278981302000983574511283134250045760058850232376427033089421633463405464108383061906827705924401240902190238473090814101033327019924284802009691598241277889849287731481804437013291879141839619424031736553732639311532896609123697692906630118409182525470913121248873439843280815620181498646253584567868795715280757143179202551076721232363967288586976238005936262217710733265083944479838092026930158999885884892138084644227087349980523571083814944865,
                         154057648579312288433880379904840349559008454909397225844804469053596770036288948138643208894737576233842143388413145843617099284719084198298890452539593927928842456410519356351744378625258316828235504896452955159132908122890438923935262784468283528621715371325616084960106711214598952008963640285495467726053,
                         153373321184491922030435262871711082346966578149047384372608996612499280424106830516297047038035344619789364407915613126313998502604543054140653257009213120340372241350050204978768669101881036358308387334208500576044406760972326563925816039791049940994183221568503249166699155932859011659998852425021643258717,
                         96782909002661787072946930763417411111944338397084129308364581837354261194959924512324613525399934215782668226921373280336347586103332996816484088560052507754189261262094739455788631715811456436091249333914598925977998584549874900838650523553537229968006855184373185375856592674786274197980545307756220107985,
                         34174750282392168353913760833049986046244914181462974411297575072589941438168241543395116924736105367697393662340230686231645026985277663298838206083670891196277764322974550914826111584216072965506162629376485556433411232288308662480868694463718239900179403765275385623103098617384685708393170910517586348277,
                         100697210112134150658137841211778175221595545738781004234912981023346782790448616501566708230687173897249857191786776384024978908433188299540473084828419975445121871546234912325993203146588307820932382917925349183410122652620389040470815289423959055853135674182928206721652543391718997386058967952353671292689,
                         asn1_NOVALUE},
                     {'DHParameter',
                         179769313486231590770839156793787453197860296048756011706444423684197180216158519368947833795864925541502180565485980503646440548199239100050792877003355816639229553136239076508735759914822574862575007425302077447712589550957937778424442426617334727629299387668709205606050270810842907692932019128194467627007,
                         2,asn1_NOVALUE},
                     undefined,undefined,undefined,undefined,undefined,122940,
                     #Ref<0.0.0.10660>,undefined,<<>>,
                     {false,first},
                     {<0.2820.0>,#Ref<0.0.0.10666>},
                     #Ref<0.0.0.10668>,
                     {[],[]},
                     false,true,false,undefined,undefined}
** Reason for termination = 
** {function_clause,[{ssl_cipher,hash_algorithm,"\b",
                                 [{file,"ssl_cipher.erl"},{line,1174}]},
                     {ssl_handshake,'-dec_hello_extensions/2-blc$^0/1-1-',1,
                                    [{file,"ssl_handshake.erl"},{line,1645}]},
                     {ssl_handshake,'-dec_hello_extensions/2-blc$^0/1-1-',1,
                                    [{file,"ssl_handshake.erl"},{line,1646}]},
                     {ssl_handshake,dec_hello_extensions,2,
                                    [{file,"ssl_handshake.erl"},{line,1645}]},
                     {tls_handshake,decode_handshake,3,
                                    [{file,"tls_handshake.erl"},{line,182}]},
                     {tls_handshake,get_tls_handshake_aux,3,
                                    [{file,"tls_handshake.erl"},{line,153}]},
                     {tls_connection,next_state,4,
                                     [{file,"tls_connection.erl"},{line,454}]},
                     {gen_fsm,handle_msg,7,
                              [{file,"gen_fsm.erl"},{line,505}]}]}



Michael Klishin

Feb 15, 2017, 5:32:40 AM2/15/17
to rabbitm...@googlegroups.com
WebSockets handler in the plugin terminates with an exception.

Why do some of the TLS options have a key password and others don't?

jonas S.

Feb 15, 2017, 7:47:34 AM2/15/17
to rabbitmq-users
I've tried several configurations, this was the last one. I tried with and without password, one with password, one without. It doesn't change anything.

Michael Klishin

Feb 15, 2017, 8:54:43 AM2/15/17
to rabbitm...@googlegroups.com
It's not a guessing game. Does the private key have a passphrase or not?

Michael Klishin

Feb 15, 2017, 8:59:55 AM2/15/17
to rabbitm...@googlegroups.com
So the root of this exception is in the ssl app in Erlang:


> ** {function_clause,[{ssl_cipher,hash_algorithm,"\b",
>                                 [{file,"ssl_cipher.erl"},{line,1174}]},

which accepts a range of values but not '\b':

https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_cipher.erl#L1668

I recommend trying a different Erlang version and a different browser to compare.



jonas S.

Feb 15, 2017, 9:04:11 AM2/15/17
to rabbitmq-users
I wasn't sure if they both needed a key or not. I saw more configs without password for the rabbit ssl. Yes it has a passphrase.

jonas S.

Feb 15, 2017, 9:46:11 AM2/15/17
to rabbitmq-users
Upgrading erlang fixed it. I'm using ubuntu 14.04, so the default erlang package was way outdated.

Michael Klishin

Feb 15, 2017, 9:50:04 AM2/15/17
to rabbitm...@googlegroups.com
FTR, what version did you originally install and what version fixed it for you?


jonas S.

Feb 15, 2017, 10:05:12 AM2/15/17
to rabbitmq-users
Erlang version 16.3 was originally installed on the machine. I installed version 19.2 by manually downloading a newer version from https://www.erlang-solutions.com/resources/download.html.
Because of RabbitMQ's dependency on Erlang, I had to delete and reinstall it in the process. After reconfiguring, it worked.

Michael Klishin

Feb 15, 2017, 10:58:34 AM2/15/17
to rabbitm...@googlegroups.com
Ah, ok. We highly recommend 17.5+ for TLS in the docs, so this is old news.
I will add it to the Web STOMP guide and Web MQTT (which is yet to be written a.t.m.)

Thank you.
