[rabbitmq-discuss] Strange behavior with SSL configuration

Matthew Sackman matthew at rabbitmq.com
Thu Jun 17 11:12:51 BST 2010


Hi,

On Thu, Jun 17, 2010 at 11:51:16AM +0200, romary.kremer at gmail.com wrote:
> One month ago, we start experimenting the SSL features as described
> in the rabbitMQ SSL web page.
> 
> 	- We had set up a broker (1.7.2) on an Ubuntu with latest Erlang
> distribution R13B04 (built from sources)
> 	
> 	- We wrote down a simple Java client exemple that both presents a
> certificate and verify the broker certificate, based on the second
> Java example of the documentation.
> 
> 	- On the broker side, we have experimented both
> fail_if_no_peer_cert  with value true and false.
> 
> Everything seemed to work perfectly at this time, and we stated that
> SSL support was good enough and we paused our work on that part
> right after that.
> 
> The most disturbing thing is that it sometimes manage to !!!!
> amongst 20 executions,  we have observed 2 successful executions.

Yes, that's about right. To quote from the SSL page at
http://www.rabbitmq.com/ssl.html

"Note there are major bugs SSL in Erlang release R13B04 which renders
using SSL with cerificates broken. As of this writing, if you're wishing
to use SSL with certificates with RabbitMQ, we recommend R13B03 as the
least buggy implementation of SSL in Erlang"

I reported several bugs about the SSL module to the Erlang developers
and there should be fixes in the R14A which got released today. However,
that is an alpha release so you may not wish to use it - I've not had a
chance to investigate it yet.

I had the most success with R13B03 wrt SSL.

Matthew


More information about the rabbitmq-discuss mailing list