[rabbitmq-discuss] Request Handshake Timeout Increase
james.poole at rsa.com
james.poole at rsa.com
Tue May 8 15:42:53 BST 2012
We have been fighting with getting RabbitMQ to work with SSL enabled using
the .NET client, and we have finally tracked down the root cause.
We were seeing the handshake timeout issue mentioned in this thread:
http://old.nabble.com/handshake_timeout-td33108733.html
"{handshake_timeout,handshake}"
It turns out that Microsoft has a default policy that tries to connect to
Windows Update on the internet to validate Certificate Authorities. If the
client machine is not connected to the internet (our likely customer
deployment scenario and our development environment), then this can cause a
15 second delay when validating certificates. Since the RabbitMQ handshake
timeout is 10 seconds, then this fails and closes the connection. This was
only seen from the .NET client, and not the Java client.
I verified that disabling the local machine policy (directions here
http://technet.microsoft.com/en-us/library/cc749331%28v=ws.10%29.aspx)
allowed the SSL connection to immediately succeed.
My question is this. Is there any way we could have the handshake timeout
increased to something higher (20 seconds?) when SSL is enabled? This would
save us a lot of hassle explaining to customers why communications fail and
requiring them to enable the AD policy exception.
-James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20120508/b2d011b0/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7449 bytes
Desc: not available
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20120508/b2d011b0/attachment.bin>
More information about the rabbitmq-discuss
mailing list