[rabbitmq-discuss] Restriction to specific ciphers for ssl communications

Mark Dotson mastamark at gmail.com
Thu Jun 7 22:44:58 BST 2012


Confirmed!

We are now only accepting those specified ciphers.

Thanks!

-Mark
On Jun 7, 2012 1:31 PM, "Emile Joubert" <emile at rabbitmq.com> wrote:

> Hi Mark,
>
> On 07/06/12 18:41, Mark Dotson wrote:
> > Humm, so for our specific setup we added the following options to
> > rabbitmq.config:
>
> If your email client is able to preserve the indentation and render with
> a fixed width font then you will see what's wrong:
>
> [{rabbit,[{tcp_listeners,[5672]},
>          {ssl_listeners,[5671]},
>          {ssl_options,[{cacertfile,".../certs/ca-bundle.crt"},
>                        {certfile,".../certs/rabbitmq.crt"},
>                        {keyfile,".../certs/rabbitmq.key"},
>                        {verify,verify_none},
>                        {fail_if_no_peer_cert,false}]},
>          {ciphers,[{dhe_rsa,aes_256_cbc,sha},
>                    {dhe_dss,aes_256_cbc,sha},
>                    {rsa,aes_256_cbc,sha}]}]},
>  {rabbit,[{vm_memory_high_watermark,0.5}]}].
>
> The "ciphers" configuration should be under "ssl_options" and you have a
> duplicate "rabbit" section. If you correct these then the configuration
> will take effect.
>
>
> -Emile
>
>
>
>
>
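The layout Emile describes, written out as an added example (it is not part of the original thread): `ciphers` moved inside `ssl_options`, and the two `rabbit` sections merged into one. The certificate paths are left elided exactly as in the quoted message.

```erlang
%% Added example: corrected layout, not posted in the original thread.
%% Certificate paths stay elided ("...") as in the quoted message.
[{rabbit,[{tcp_listeners,[5672]},
          {ssl_listeners,[5671]},
          {ssl_options,[{cacertfile,".../certs/ca-bundle.crt"},
                        {certfile,".../certs/rabbitmq.crt"},
                        {keyfile,".../certs/rabbitmq.key"},
                        {verify,verify_none},
                        {fail_if_no_peer_cert,false},
                        %% ciphers now sits inside ssl_options
                        {ciphers,[{dhe_rsa,aes_256_cbc,sha},
                                  {dhe_dss,aes_256_cbc,sha},
                                  {rsa,aes_256_cbc,sha}]}]},
          %% merged from the second, duplicate rabbit section
          {vm_memory_high_watermark,0.5}]}].
```

After restarting the broker, a handshake that offers only a suite outside this list (for example with `openssl s_client -connect <host>:5671 -cipher <suite>`) should be refused, which confirms the restriction is active.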