[rabbitmq-discuss] Restriction to specific ciphers for ssl communications

[Emile Joubert]

Hi Mark,

On 06/06/12 00:48, Mark Dotson wrote:
> I'd like to specifically restrict specific ssl ciphers acceptable to
> communicate via and reject all others.  Is adding the specific ciphers
> in the rabbitmq.config file as an ssl_option the right way to go about
> doing this?

Yes, you can find the available ciphers by running
rabbitmqctl eval 'ssl:cipher_suites().'
and adding specifying you selection as the "ciphers" parameter.
Make sure that clients and broker have at least one cipher in common.

The Erlang SSL page has more details:
http://www.erlang.org/doc/man/ssl.html


-Emile