[rabbitmq-discuss] RabbitMQ 3.2.2 and Erlang R16B03 - SSL Issue
Jared Kauppila
jared at kauppi.la
Tue Jan 21 04:20:03 GMT 2014
I am in the process of upgrading our existing (SSL enabled) clusters
(RabbitMQ 3.1.3 and Erlang R16B01) to the most recent versions (RabbitMQ
3.2.2 and Erlang R16B03) and I encountered an issue which may be a problem
with the SSL/TLS implementation on the latest version of Erlang?
We have the RabbitMQ Management webui load-balanced via F5 LTMs on Port 443
using Client/Server SSL profiles to terminate SSL at the appliance in order
to use cookie persistence to a node.
After updating our Dev cluster, traffic would no longer be sent to the nodes
when traversing the LTMs. Digging into the logs, I found the following F5
error:
01260017 - Connection attempt to insecure SSL server (see
RFC5746) aborted: XX.XX.XX.XX.:443.
There is a workaround present in the F5 KB on the issue:
Note: If upgrading the back-end SSL server is not an option,
you can set the Secure Renegotiation setting in the Server SSL profile to
Request, which will allow the back-end SSL server to continue to renegotiate
insecurely.
<http://support.f5.com/kb/en-us/solutions/public/13000/800/sol13860>
http://support.f5.com/kb/en-us/solutions/public/13000/800/sol13860
Hitting a node directly with Firefox, you can see the following error in the
Error Console:
server does not support RFC 5746, see CVE-2009-3555
Our current Test/Qual/Prod clusters on the previous version (3.1.3 and
R16B01) all work without issue.
Thoughts?
Thanks
--
Jared
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140120/8ddab1c4/attachment.html>
More information about the rabbitmq-discuss
mailing list