[rabbitmq-discuss] ssl ciphers with federation

karrast KarrasT at Pragmatics.com
Thu Jan 2 16:38:12 GMT 2014

The internal use of MD5 internally does not make something non-FIPS
compliant. FIPS only restricts communication with MD5 such as SSL. As you
mentioned though setting the ciphers in ssl_options on the brokers allow
them to be started without errors.

The problem comes with enabling federation. As soon as an upstream broker is
set on a running RabbitMQ instance using SSL, the server crashes with the
MD5 error. I believe this comes about because the federation plugin uses a
RabbitMQ client to communicate with the upstream broker which uses different
settings than what is set on the server. 

Unfortunately I could not find a way to set ssl_options on the client used
for federation so that I could specify a cipher to use. I did look into the
old federation client which was around for the 3.0.0 release of RabbitMQ
which did allow you to set ssl_options on the federation client but that did
not seem to work any longer in the latest version. 

So my main question was is there a way to set SSL ciphers on the federation



View this message in context: http://rabbitmq.1065348.n5.nabble.com/ssl-ciphers-with-federation-tp32276p32369.html
Sent from the RabbitMQ mailing list archive at Nabble.com.

More information about the rabbitmq-discuss mailing list