[rabbitmq-discuss] Restriction to specific ciphers for ssl communications
Emile Joubert
emile at rabbitmq.com
Thu Jun 7 21:31:12 BST 2012
Hi Mark,
On 07/06/12 18:41, Mark Dotson wrote:
> Humm, so for our specific setup we added the following options to
> rabbitmq.config:
If your email client is able to preserve the indentation and render with
a fixed width font then you will see what's wrong:
[{rabbit,[{tcp_listeners,[5672]},
{ssl_listeners,[5671]},
{ssl_options,[{cacertfile,".../certs/ca-bundle.crt"},
{certfile,".../certs/rabbitmq.crt"},
{keyfile,".../certs/rabbitmq.key"},
{verify,verify_none},
{fail_if_no_peer_cert,false}]},
{ciphers,[{dhe_rsa,aes_256_cbc,sha},
{dhe_dss,aes_256_cbc,sha},
{rsa,aes_256_cbc,sha}]}]},
{rabbit,[{vm_memory_high_watermark,0.5}]}].
The "ciphers" configuration should be under "ssl_options" and you have a
duplicate "rabbit" section. If you correct these then the configuration
will take effect.
-Emile
More information about the rabbitmq-discuss
mailing list