Question & Answer
Question
How do I stop RabbitMQ from allowing connections on weak ciphers?
Answer
1.) Modify the following file: "/etc/rabbitmq/rabbitmq.config"
[
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile, "/etc/rabbitmq/ssl/cacert.pem"},
                   {certfile, "/etc/rabbitmq/ssl/cert.pem"},
                   {keyfile, "/etc/rabbitmq/ssl/key.pem"},
                   {verify, verify_none},
                   {fail_if_no_peer_cert, false},
                   %% Accept only TLS 1.2 and TLS 1.1 handshakes
                   {versions, ['tlsv1.2', 'tlsv1.1']}
                  ]}
  ]}
].
2.) Afterwards, restart the rabbitmq-server service:
service rabbitmq-server restart
3.) Confirm it worked using the openssl client:
openssl s_client -tls1_2 -connect localhost:5671    # should show full information about your certificate
openssl s_client -ssl3 -connect localhost:5671      # should fail with an error like the example below:
CONNECTED(00000003)
139705210185544:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1256:SSL alert number 70
139705210185544:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
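The check in step 3 can be repeated for every protocol version and compared against the `versions` setting from step 1. The script below is an added example, not part of the original document; the function names are hypothetical, and it assumes the local openssl build still offers the `-ssl3`, `-tls1` and `-tls1_1` flags.

```shell
#!/bin/sh
# Added example: audit which protocol versions the RabbitMQ TLS listener accepts.

# Read `openssl s_client` output on stdin and print accepted|rejected|unknown.
classify_handshake() {
    out=$(cat)
    case "$out" in
        *"no protocols available"*)
            echo unknown ;;    # the local client refused this version; says nothing about the server
        *"alert protocol version"*|*"handshake failure"*|*"Cipher is (NONE)"*)
            echo rejected ;;   # server sent an alert, or no cipher suite was negotiated
        *"Cipher is "[A-Za-z0-9]*)
            echo accepted ;;   # a cipher suite was negotiated
        *)
            echo unknown ;;    # e.g. connection refused, or flag missing from this openssl build
    esac
}

# Expected result per flag under the setting {versions, ['tlsv1.2', 'tlsv1.1']}.
expected_for() {
    case "$1" in
        -tls1_2|-tls1_1) echo accepted ;;
        *)               echo rejected ;;
    esac
}

# Probe one protocol version: probe HOST:PORT FLAG
probe() {
    openssl s_client "$2" -connect "$1" </dev/null 2>&1 | classify_handshake
}

# Probe every version; return non-zero if any result differs from the policy.
audit() {
    rc=0
    for flag in -ssl3 -tls1 -tls1_1 -tls1_2; do
        got=$(probe "$1" "$flag")
        want=$(expected_for "$flag")
        if [ "$got" = "$want" ]; then status=ok; else status=MISMATCH; rc=1; fi
        printf '%-8s got=%-9s want=%-9s %s\n' "$flag" "$got" "$want" "$status"
    done
    return $rc
}

# Runs only when a target is given, e.g.: sh tls_audit.sh localhost:5671
[ "$#" -eq 0 ] || audit "$1"
```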
Document Information
Modified date: 17 June 2018
UID: nas8N1020640