[rabbitmq-discuss] Cryptographic algorithms used by RabbitMQ SSL

Michael Klishin mklishin at gopivotal.com
Thu Sep 12 10:48:32 BST 2013


Kapil Goyal:

> But, when I say ‘rabbitmqctl status’ on a server where RabbitMQ 3.1.5 is installed, the list of applications doesn’t include new_ssl:
>  
> {running_applications,
>      [{rabbitmq_management,"RabbitMQ Management Console","3.1.5"},
>       {rabbitmq_management_agent,"RabbitMQ Management Agent","3.1.5"},
>       {rabbit,"RabbitMQ","3.1.5"},
>       {ssl,"Erlang/OTP SSL application","5.1.2"},

"new ssl" coexisted with "old ssl" until R15B (late 2011), after which the old implementation
was dropped. So the ssl application listed is "new ssl".

>  
> I did the following:
> 2> ssl:start().
> ok
> 3> ssl:cipher_suites().
> [{dhe_rsa,aes_256_cbc,sha},
> {dhe_dss,aes_256_cbc,sha},
> {rsa,aes_256_cbc,sha},
> {dhe_rsa,'3des_ede_cbc',sha},
> {dhe_dss,'3des_ede_cbc',sha},
> {rsa,'3des_ede_cbc',sha},
> {dhe_rsa,aes_128_cbc,sha},
> {dhe_dss,aes_128_cbc,sha},
> {rsa,aes_128_cbc,sha},
> {rsa,rc4_128,sha},
> {rsa,rc4_128,md5},
> {dhe_rsa,des_cbc,sha},
> {rsa,des_cbc,sha}]
> 5> ssl:versions().
> [{ssl_app,"5.1.2"},
> {supported,[tlsv1,sslv3]},
> {available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
>  
> Is #3 above the right way to find the list of algorithms supported by RabbitMQ?

Yes.
--
MK

Software Engineer, Pivotal/RabbitMQ

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130912/09ef1ce7/attachment.pgp>


More information about the rabbitmq-discuss mailing list