<p>Confirmed!</p>
<p>We are now only accepting those specified ciphers.</p>
<p>Thanks!</p>
<p>-Mark</p>
<div class="gmail_quote">On Jun 7, 2012 1:31 PM, "Emile Joubert" <<a href="mailto:emile@rabbitmq.com">emile@rabbitmq.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Mark,<br>
<br>
On 07/06/12 18:41, Mark Dotson wrote:<br>
> Humm, so for our specific setup we added the following options to<br>
> rabbitmq.config:<br>
<br>
If your email client is able to preserve the indentation and render with<br>
a fixed width font then you will see what's wrong:<br>
<br>
[{rabbit,[{tcp_listeners,[5672]},<br>
� � � � �{ssl_listeners,[5671]},<br>
� � � � �{ssl_options,[{cacertfile,".../certs/ca-bundle.crt"},<br>
� � � � � � � � � � � �{certfile,".../certs/rabbitmq.crt"},<br>
� � � � � � � � � � � �{keyfile,".../certs/rabbitmq.key"},<br>
� � � � � � � � � � � �{verify,verify_none},<br>
� � � � � � � � � � � �{fail_if_no_peer_cert,false}]},<br>
� � � � �{ciphers,[{dhe_rsa,aes_256_cbc,sha},<br>
� � � � � � � � � �{dhe_dss,aes_256_cbc,sha},<br>
� � � � � � � � � �{rsa,aes_256_cbc,sha}]}]},<br>
�{rabbit,[{vm_memory_high_watermark,0.5}]}].<br>
<br>
The "ciphers" configuration should be under "ssl_options" and you have a<br>
duplicate "rabbit" section. If you correct these then the configuration<br>
will take effect.<br>
<br>
<br>
-Emile<br>
<br>
<br>
<br>
<br>
</blockquote></div>