[rabbitmq-discuss] SSL connection errors once or twice every week

[Simon MacMullen]

Hi Brian.

On 05/03/2012 5:33AM, Brian Jing wrote:
> We have got multiple upstream and downstream servers. Each downstream
> server talks to all upstream servers, and vice versa. We use federation
> in a "symmetric" way in that federation exchanges on the servers are
> used for both downstream and upstream purposes. max_hops is set to 1 so
> it doesn't form a loop. However, there has been a lot of traffic
> generated by RabbitMQ on the network. I've read a recent discussion on
> symmetric federation on this mailing list and it seems that there are
> some problems with it. Not sure if the error we've been having has
> anything to do with it.

I don't think so. Note that the only problem with symmetric federation 
is that messages get transferred over the network only to get dropped. 
This wastes bandwidth but it's nothing to do with what you're seeing.

> It seems to me that the error message suggests a connection problem, but
> not sure whether it has to do with the federation plugin. Since the
> error will take a while to happen again (but will definitely happen) and
> it'll probably take at least a couple of weeks for us to determine the
> cause of it, I was just wondering if anyone can easily see what this
> error is about and if there is any fix for this.

Thanks for the pointer. So it looks like we may not be recovering well 
from an SSL connection dying post-establishment. I'll try to replicate this.

> Here is the error message:
<snip>
>                       {'RSAPrivateKey','two-prime',
<snip>

Huh. That doesn't look like a good thing to log. I think you should 
probably treat the private key from that machine as compromised, sorry :-(

The log message is being created by Erlang but I'll see if we can 
intercept it and strip that out...

Cheers, Simon