[rabbitmq-discuss] .NET ssl_upgrade_failure
Mark Ward
ward.mark at gmail.com
Thu Aug 2 15:22:54 BST 2012
Matthias,
stunnel may not be a viable option for our deployment requirements. I will
continue to investigate my situation. I am in the process of setting up
RabbitMQ on a Linux box to see if I obtain different results.
I have tested {verify, verify_none} and things turned out a little
differently. The .NET client continues to give the exception "None of the
specified endpoints were reachable", but on the server side I see this in
the log:
=INFO REPORT==== 2-Aug-2012::09:01:08 ===
accepting AMQP connection <0.16578.0> ([FE80::9CF9:E6C8:AAA2:E95E]:60232 ->
[FE80::DC90:8492:EDEA:F29F]:443)
=WARNING REPORT==== 2-Aug-2012::09:01:08 ===
closing AMQP connection <0.16578.0> ([FE80::9CF9:E6C8:AAA2:E95E]:60232 ->
[FE80::DC90:8492:EDEA:F29F]:443):
connection_closed_abruptly
The Java client continues to connect and transmit fine through the server.
The following is the packet trace of the connection attempt between the
server and the .NET client with {verify, verify_none}:
No. Time Source Destination Protocol
Length Info
11 0.005181000 fe80::9cf9:e6c8:aaa2:e95e fe80::dc90:8492:edea:f29f
TCP 82 60223 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1440
SACK_PERM=1
Frame 11: 82 bytes on wire (656 bits), 82 bytes captured (656 bits) on
interface 0
Ethernet II, Src: Vmware_01:f7:d2 (00:0c:29:01:f7:d2), Dst: Vmware_c0:0f:28
(00:0c:29:c0:0f:28)
Internet Protocol Version 6, Src: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e), Dst: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f)
Transmission Control Protocol, Src Port: 60223 (60223), Dst Port: https
(443), Seq: 0, Len: 0
No. Time Source Destination Protocol
Length Info
12 0.005238000 fe80::dc90:8492:edea:f29f fe80::9cf9:e6c8:aaa2:e95e
TCP 82 https > 60223 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0
MSS=1440 SACK_PERM=1
Frame 12: 82 bytes on wire (656 bits), 82 bytes captured (656 bits) on
interface 0
Ethernet II, Src: Vmware_c0:0f:28 (00:0c:29:c0:0f:28), Dst: Vmware_01:f7:d2
(00:0c:29:01:f7:d2)
Internet Protocol Version 6, Src: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f), Dst: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e)
Transmission Control Protocol, Src Port: https (443), Dst Port: 60223
(60223), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol
Length Info
13 0.005970000 fe80::9cf9:e6c8:aaa2:e95e fe80::dc90:8492:edea:f29f
TCP 74 60223 > https [ACK] Seq=1 Ack=1 Win=64800 Len=0
Frame 13: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on
interface 0
Ethernet II, Src: Vmware_01:f7:d2 (00:0c:29:01:f7:d2), Dst: Vmware_c0:0f:28
(00:0c:29:c0:0f:28)
Internet Protocol Version 6, Src: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e), Dst: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f)
Transmission Control Protocol, Src Port: 60223 (60223), Dst Port: https
(443), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol
Length Info
14 0.047390000 fe80::9cf9:e6c8:aaa2:e95e fe80::dc90:8492:edea:f29f
SSLv3 132 Client Hello
Frame 14: 132 bytes on wire (1056 bits), 132 bytes captured (1056 bits) on
interface 0
Ethernet II, Src: Vmware_01:f7:d2 (00:0c:29:01:f7:d2), Dst: Vmware_c0:0f:28
(00:0c:29:c0:0f:28)
Internet Protocol Version 6, Src: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e), Dst: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f)
Transmission Control Protocol, Src Port: 60223 (60223), Dst Port: https
(443), Seq: 1, Ack: 1, Len: 58
Secure Sockets Layer
SSLv3 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 53
Handshake Protocol: Client Hello
No. Time Source Destination Protocol
Length Info
15 0.048333000 fe80::dc90:8492:edea:f29f fe80::9cf9:e6c8:aaa2:e95e
SSLv3 160 Server Hello
Frame 15: 160 bytes on wire (1280 bits), 160 bytes captured (1280 bits) on
interface 0
Ethernet II, Src: Vmware_c0:0f:28 (00:0c:29:c0:0f:28), Dst: Vmware_01:f7:d2
(00:0c:29:01:f7:d2)
Internet Protocol Version 6, Src: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f), Dst: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e)
Transmission Control Protocol, Src Port: https (443), Dst Port: 60223
(60223), Seq: 1, Ack: 59, Len: 86
Secure Sockets Layer
SSLv3 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 81
Handshake Protocol: Server Hello
No. Time Source Destination Protocol
Length Info
16 0.048506000 fe80::dc90:8492:edea:f29f fe80::9cf9:e6c8:aaa2:e95e
TCP 1514 [TCP segment of a reassembled PDU]
Frame 16: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits)
on interface 0
Ethernet II, Src: Vmware_c0:0f:28 (00:0c:29:c0:0f:28), Dst: Vmware_01:f7:d2
(00:0c:29:01:f7:d2)
Internet Protocol Version 6, Src: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f), Dst: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e)
Transmission Control Protocol, Src Port: https (443), Dst Port: 60223
(60223), Seq: 87, Ack: 59, Len: 1440
No. Time Source Destination Protocol
Length Info
17 0.048511000 fe80::dc90:8492:edea:f29f fe80::9cf9:e6c8:aaa2:e95e
SSLv3 112 Certificate
Frame 17: 112 bytes on wire (896 bits), 112 bytes captured (896 bits) on
interface 0
Ethernet II, Src: Vmware_c0:0f:28 (00:0c:29:c0:0f:28), Dst: Vmware_01:f7:d2
(00:0c:29:01:f7:d2)
Internet Protocol Version 6, Src: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f), Dst: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e)
Transmission Control Protocol, Src Port: https (443), Dst Port: 60223
(60223), Seq: 1527, Ack: 59, Len: 38
[2 Reassembled TCP Segments (1478 bytes): #16(1440), #17(38)]
Secure Sockets Layer
SSLv3 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 1473
Handshake Protocol: Certificate
No. Time Source Destination Protocol
Length Info
18 0.048541000 fe80::dc90:8492:edea:f29f fe80::9cf9:e6c8:aaa2:e95e
SSLv3 83 Server Hello Done
Frame 18: 83 bytes on wire (664 bits), 83 bytes captured (664 bits) on
interface 0
Ethernet II, Src: Vmware_c0:0f:28 (00:0c:29:c0:0f:28), Dst: Vmware_01:f7:d2
(00:0c:29:01:f7:d2)
Internet Protocol Version 6, Src: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f), Dst: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e)
Transmission Control Protocol, Src Port: https (443), Dst Port: 60223
(60223), Seq: 1565, Ack: 59, Len: 9
Secure Sockets Layer
SSLv3 Record Layer: Handshake Protocol: Server Hello Done
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 4
Handshake Protocol: Server Hello Done
No. Time Source Destination Protocol
Length Info
19 0.048982000 fe80::9cf9:e6c8:aaa2:e95e fe80::dc90:8492:edea:f29f
TCP 74 60223 > https [ACK] Seq=59 Ack=1574 Win=64800 Len=0
Frame 19: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on
interface 0
Ethernet II, Src: Vmware_01:f7:d2 (00:0c:29:01:f7:d2), Dst: Vmware_c0:0f:28
(00:0c:29:c0:0f:28)
Internet Protocol Version 6, Src: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e), Dst: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f)
Transmission Control Protocol, Src Port: 60223 (60223), Dst Port: https
(443), Seq: 59, Ack: 1574, Len: 0
No. Time Source Destination Protocol
Length Info
20 0.051362000 fe80::9cf9:e6c8:aaa2:e95e fe80::dc90:8492:edea:f29f
SSLv3 410 Client Key Exchange, Change Cipher Spec, Encrypted
Handshake Message
Frame 20: 410 bytes on wire (3280 bits), 410 bytes captured (3280 bits) on
interface 0
Ethernet II, Src: Vmware_01:f7:d2 (00:0c:29:01:f7:d2), Dst: Vmware_c0:0f:28
(00:0c:29:c0:0f:28)
Internet Protocol Version 6, Src: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e), Dst: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f)
Transmission Control Protocol, Src Port: 60223 (60223), Dst Port: https
(443), Seq: 59, Ack: 1574, Len: 336
Secure Sockets Layer
SSLv3 Record Layer: Handshake Protocol: Client Key Exchange
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 260
Handshake Protocol: Client Key Exchange
SSLv3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: SSL 3.0 (0x0300)
Length: 1
Change Cipher Spec Message
SSLv3 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 60
Handshake Protocol: Encrypted Handshake Message
No. Time Source Destination Protocol
Length Info
21 0.128285000 fe80::dc90:8492:edea:f29f fe80::9cf9:e6c8:aaa2:e95e
SSLv3 80 Change Cipher Spec
Frame 21: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) on
interface 0
Ethernet II, Src: Vmware_c0:0f:28 (00:0c:29:c0:0f:28), Dst: Vmware_01:f7:d2
(00:0c:29:01:f7:d2)
Internet Protocol Version 6, Src: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f), Dst: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e)
Transmission Control Protocol, Src Port: https (443), Dst Port: 60223
(60223), Seq: 1574, Ack: 395, Len: 6
Secure Sockets Layer
SSLv3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: SSL 3.0 (0x0300)
Length: 1
Change Cipher Spec Message
No. Time Source Destination Protocol
Length Info
22 0.128335000 fe80::dc90:8492:edea:f29f fe80::9cf9:e6c8:aaa2:e95e
SSLv3 139 Encrypted Handshake Message
Frame 22: 139 bytes on wire (1112 bits), 139 bytes captured (1112 bits) on
interface 0
Ethernet II, Src: Vmware_c0:0f:28 (00:0c:29:c0:0f:28), Dst: Vmware_01:f7:d2
(00:0c:29:01:f7:d2)
Internet Protocol Version 6, Src: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f), Dst: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e)
Transmission Control Protocol, Src Port: https (443), Dst Port: 60223
(60223), Seq: 1580, Ack: 395, Len: 65
Secure Sockets Layer
SSLv3 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 60
Handshake Protocol: Encrypted Handshake Message
No. Time Source Destination Protocol
Length Info
23 0.131355000 fe80::9cf9:e6c8:aaa2:e95e fe80::dc90:8492:edea:f29f
TCP 74 60223 > https [ACK] Seq=395 Ack=1645 Win=64729 Len=0
Frame 23: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on
interface 0
Ethernet II, Src: Vmware_01:f7:d2 (00:0c:29:01:f7:d2), Dst: Vmware_c0:0f:28
(00:0c:29:c0:0f:28)
Internet Protocol Version 6, Src: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e), Dst: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f)
Transmission Control Protocol, Src Port: 60223 (60223), Dst Port: https
(443), Seq: 395, Ack: 1645, Len: 0
No. Time Source Destination Protocol
Length Info
24 0.399464000 fe80::9cf9:e6c8:aaa2:e95e fe80::dc90:8492:edea:f29f
TCP 74 60223 > https [FIN, ACK] Seq=395 Ack=1645 Win=64729 Len=0
Frame 24: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on
interface 0
Ethernet II, Src: Vmware_01:f7:d2 (00:0c:29:01:f7:d2), Dst: Vmware_c0:0f:28
(00:0c:29:c0:0f:28)
Internet Protocol Version 6, Src: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e), Dst: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f)
Transmission Control Protocol, Src Port: 60223 (60223), Dst Port: https
(443), Seq: 395, Ack: 1645, Len: 0
No. Time Source Destination Protocol
Length Info
25 0.399522000 fe80::dc90:8492:edea:f29f fe80::9cf9:e6c8:aaa2:e95e
TCP 74 https > 60223 [ACK] Seq=1645 Ack=396 Win=64464 Len=0
Frame 25: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on
interface 0
Ethernet II, Src: Vmware_c0:0f:28 (00:0c:29:c0:0f:28), Dst: Vmware_01:f7:d2
(00:0c:29:01:f7:d2)
Internet Protocol Version 6, Src: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f), Dst: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e)
Transmission Control Protocol, Src Port: https (443), Dst Port: 60223
(60223), Seq: 1645, Ack: 396, Len: 0
No. Time Source Destination Protocol
Length Info
26 0.432068000 fe80::dc90:8492:edea:f29f fe80::9cf9:e6c8:aaa2:e95e
SSLv3 101 Encrypted Alert
Frame 26: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on
interface 0
Ethernet II, Src: Vmware_c0:0f:28 (00:0c:29:c0:0f:28), Dst: Vmware_01:f7:d2
(00:0c:29:01:f7:d2)
Internet Protocol Version 6, Src: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f), Dst: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e)
Transmission Control Protocol, Src Port: https (443), Dst Port: 60223
(60223), Seq: 1645, Ack: 396, Len: 27
Secure Sockets Layer
SSLv3 Record Layer: Encrypted Alert
Content Type: Alert (21)
Version: SSL 3.0 (0x0300)
Length: 22
Alert Message: Encrypted Alert
No. Time Source Destination Protocol
Length Info
27 0.432113000 fe80::dc90:8492:edea:f29f fe80::9cf9:e6c8:aaa2:e95e
TCP 74 https > 60223 [FIN, ACK] Seq=1672 Ack=396 Win=64464 Len=0
Frame 27: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on
interface 0
Ethernet II, Src: Vmware_c0:0f:28 (00:0c:29:c0:0f:28), Dst: Vmware_01:f7:d2
(00:0c:29:01:f7:d2)
Internet Protocol Version 6, Src: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f), Dst: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e)
Transmission Control Protocol, Src Port: https (443), Dst Port: 60223
(60223), Seq: 1672, Ack: 396, Len: 0
No. Time Source Destination Protocol
Length Info
28 0.433512000 fe80::9cf9:e6c8:aaa2:e95e fe80::dc90:8492:edea:f29f
TCP 74 60223 > https [RST, ACK] Seq=396 Ack=1672 Win=0 Len=0
Frame 28: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on
interface 0
Ethernet II, Src: Vmware_01:f7:d2 (00:0c:29:01:f7:d2), Dst: Vmware_c0:0f:28
(00:0c:29:c0:0f:28)
Internet Protocol Version 6, Src: fe80::9cf9:e6c8:aaa2:e95e
(fe80::9cf9:e6c8:aaa2:e95e), Dst: fe80::dc90:8492:edea:f29f
(fe80::dc90:8492:edea:f29f)
Transmission Control Protocol, Src Port: 60223 (60223), Dst Port: https
(443), Seq: 396, Ack: 1672, Len: 0
Mark,
On 31/07/12 14:24, Mark Ward wrote:
> I have my server's configuration set to false for the
> fail_if_no_peer_cert setting.
You should also try setting {verify,verify_none}.
And, as Emile suggested, you may want to experiment with stunnel.
> A side note: not all posts seem to make it into the Google group, but I
> find the posts either in email or in nabble.com
We have no control over the Google group, unfortunately.
Matthias.
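Added example, not part of the original post and not code from RabbitMQ or its .NET client: a short script that reads the frame summaries of the trace above and reports how far the handshake got and which side closed first. The summaries are rejoined from the wrapped export into a constructed sample, and `parse` and `analyse` are hypothetical helper names.

```python
import re

# Constructed sample: one-line summaries of frames 14-28 of the trace above
# (pure ACKs and the reassembly segment left out), rejoined from the wrapped export.
C, S = "fe80::9cf9:e6c8:aaa2:e95e", "fe80::dc90:8492:edea:f29f"
TRACE = f"""\
14 0.047390000 {C} {S} SSLv3 132 Client Hello
15 0.048333000 {S} {C} SSLv3 160 Server Hello
17 0.048511000 {S} {C} SSLv3 112 Certificate
18 0.048541000 {S} {C} SSLv3 83 Server Hello Done
20 0.051362000 {C} {S} SSLv3 410 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
21 0.128285000 {S} {C} SSLv3 80 Change Cipher Spec
22 0.128335000 {S} {C} SSLv3 139 Encrypted Handshake Message
24 0.399464000 {C} {S} TCP 74 60223 > https [FIN, ACK] Seq=395 Ack=1645 Win=64729 Len=0
26 0.432068000 {S} {C} SSLv3 101 Encrypted Alert
27 0.432113000 {S} {C} TCP 74 https > 60223 [FIN, ACK] Seq=1672 Ack=396 Win=64464 Len=0
28 0.433512000 {C} {S} TCP 74 60223 > https [RST, ACK] Seq=396 Ack=1672 Win=0 Len=0
"""

ROW = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\S+) (\d+) (.*)$")

def parse(text):
    """Turn summary lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            no, t, src, dst, proto, _length, info = m.groups()
            rows.append({"no": int(no), "t": float(t), "src": src,
                         "dst": dst, "proto": proto, "info": info})
    return rows

def analyse(rows):
    """Report the protocol label, whether both sides finished, and who closed first."""
    client = next(r for r in rows if "Client Hello" in r["info"])["src"]
    def side(r):
        return "client" if r["src"] == client else "server"
    finished = {side(r): r for r in rows if "Encrypted Handshake Message" in r["info"]}
    closes = [r for r in rows if re.search(r"\[(FIN|RST)", r["info"])]
    first = closes[0] if closes else None
    done = {"client", "server"} <= finished.keys()
    return {
        "protocol": next(r["proto"] for r in rows if "Server Hello" in r["info"]),
        "handshake_complete": done,
        "first_close": side(first) if first else None,
        "first_close_frame": first["no"] if first else None,
        "ms_after_finished": round((first["t"] - finished["server"]["t"]) * 1000)
                             if first and done else None,
    }
```

On this trace both sides send their post-Change-Cipher-Spec handshake message and the client is the first to close (frame 24, about 271 ms after the server's last handshake record); the server's Encrypted Alert follows that close. Every record is labelled SSL 3.0, a protocol version since deprecated by RFC 7568.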