[rabbitmq-discuss] Restriction to specific ciphers for ssl communications
Mark Dotson
mastamark at gmail.com
Thu Jun 7 22:44:58 BST 2012
Confirmed!
We are now only accepting those specified ciphers.
Thanks!
-Mark
On Jun 7, 2012 1:31 PM, "Emile Joubert" <emile at rabbitmq.com> wrote:
> Hi Mark,
>
> On 07/06/12 18:41, Mark Dotson wrote:
> > Humm, so for our specific setup we added the following options to
> > rabbitmq.config:
>
> If your email client is able to preserve the indentation and render with
> a fixed width font then you will see what's wrong:
>
> [{rabbit,[{tcp_listeners,[5672]},
> {ssl_listeners,[5671]},
> {ssl_options,[{cacertfile,".../certs/ca-bundle.crt"},
> {certfile,".../certs/rabbitmq.crt"},
> {keyfile,".../certs/rabbitmq.key"},
> {verify,verify_none},
> {fail_if_no_peer_cert,false}]},
> {ciphers,[{dhe_rsa,aes_256_cbc,sha},
> {dhe_dss,aes_256_cbc,sha},
> {rsa,aes_256_cbc,sha}]}]},
> {rabbit,[{vm_memory_high_watermark,0.5}]}].
>
> The "ciphers" configuration should be under "ssl_options" and you have a
> duplicate "rabbit" section. If you correct these then the configuration
> will take effect.
>
>
> -Emile
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20120607/37f3e3ea/attachment.htm>
More information about the rabbitmq-discuss
mailing list