<p>Confirmed!</p>
<p>We are now only accepting those specified ciphers.</p>
<p>Thanks!</p>
<p>-Mark</p>
<div class="gmail_quote">On Jun 7, 2012 1:31 PM, &quot;Emile Joubert&quot; &lt;<a href="mailto:emile@rabbitmq.com">emile@rabbitmq.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Mark,<br>
<br>
On 07/06/12 18:41, Mark Dotson wrote:<br>
&gt; Humm, so for our specific setup we added the following options to<br>
&gt; rabbitmq.config:<br>
<br>
If your email client is able to preserve the indentation and render with<br>
a fixed width font then you will see what&#39;s wrong:<br>
<br>
[{rabbit,[{tcp_listeners,[5672]},<br>
          {ssl_listeners,[5671]},<br>
          {ssl_options,[{cacertfile,&quot;.../certs/ca-bundle.crt&quot;},<br>
                        {certfile,&quot;.../certs/rabbitmq.crt&quot;},<br>
                        {keyfile,&quot;.../certs/rabbitmq.key&quot;},<br>
                        {verify,verify_none},<br>
                        {fail_if_no_peer_cert,false}]},<br>
          {ciphers,[{dhe_rsa,aes_256_cbc,sha},<br>
                    {dhe_dss,aes_256_cbc,sha},<br>
                    {rsa,aes_256_cbc,sha}]}]},<br>
 {rabbit,[{vm_memory_high_watermark,0.5}]}].<br>
<br>
The &quot;ciphers&quot; configuration should be under &quot;ssl_options&quot; and you have a<br>
duplicate &quot;rabbit&quot; section. If you correct these then the configuration<br>
will take effect.<br>
<br>
<br>
-Emile<br>
<br>
<br>
<br>
<br>
</blockquote></div>