[rabbitmq-discuss] Restriction to specific ciphers for ssl communications

Emile Joubert emile at rabbitmq.com
Thu Jun 7 21:31:12 BST 2012


Hi Mark,

On 07/06/12 18:41, Mark Dotson wrote:
> Humm, so for our specific setup we added the following options to
> rabbitmq.config:

If your email client is able to preserve the indentation and render with
a fixed width font then you will see what's wrong:

[{rabbit,[{tcp_listeners,[5672]},
          {ssl_listeners,[5671]},
          {ssl_options,[{cacertfile,".../certs/ca-bundle.crt"},
                        {certfile,".../certs/rabbitmq.crt"},
                        {keyfile,".../certs/rabbitmq.key"},
                        {verify,verify_none},
                        {fail_if_no_peer_cert,false}]},
          {ciphers,[{dhe_rsa,aes_256_cbc,sha},
                    {dhe_dss,aes_256_cbc,sha},
                    {rsa,aes_256_cbc,sha}]}]},
 {rabbit,[{vm_memory_high_watermark,0.5}]}].

The "ciphers" configuration should be under "ssl_options" and you have a
duplicate "rabbit" section. If you correct these then the configuration
will take effect.


-Emile
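
The corrected layout described in the reply above, as an added example that is not part of the original message: "ciphers" is moved inside "ssl_options" and the two "rabbit" sections are merged into one. All values, including the elided certificate paths, are kept exactly as posted.

```erlang
%% rabbitmq.config (Erlang terms): a single rabbit section.
[{rabbit,[{tcp_listeners,[5672]},
          {ssl_listeners,[5671]},
          {ssl_options,[{cacertfile,".../certs/ca-bundle.crt"},
                        {certfile,".../certs/rabbitmq.crt"},
                        {keyfile,".../certs/rabbitmq.key"},
                        {verify,verify_none},
                        {fail_if_no_peer_cert,false},
                        %% ciphers is an option of the SSL listener,
                        %% so it is nested inside ssl_options.
                        {ciphers,[{dhe_rsa,aes_256_cbc,sha},
                                  {dhe_dss,aes_256_cbc,sha},
                                  {rsa,aes_256_cbc,sha}]}]},
          %% Moved here from the duplicate rabbit section.
          {vm_memory_high_watermark,0.5}]}].
```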





