[rabbitmq-discuss] RabbitMQ 3.2.2 and Erlang R16B03 - SSL Issue

Jared Kauppila jared at kauppi.la
Tue Jan 21 04:20:03 GMT 2014

I am in the process of upgrading our existing (SSL enabled) clusters
(RabbitMQ 3.1.3 and Erlang R16B01) to the most recent versions (RabbitMQ
3.2.2 and Erlang R16B03) and I encountered an issue which may be a problem
with the SSL/TLS implementation on the latest version of Erlang?


We have the RabbitMQ Management webui load-balanced via F5 LTMs on Port 443
using Client/Server SSL profiles to terminate SSL at the appliance in order
to use cookie persistence to a node.


After updating our Dev cluster, traffic would no longer be sent to the nodes
when traversing the LTMs. Digging into the logs, I found the following F5


                01260017 - Connection attempt to insecure SSL server (see
RFC5746) aborted: XX.XX.XX.XX.:443.


There is a workaround present in the F5 KB on the issue:


                Note: If upgrading the back-end SSL server is not an option,
you can set the Secure Renegotiation setting in the Server SSL profile to
Request, which will allow the back-end SSL server to continue to renegotiate




Hitting a node directly with Firefox, you can see the following error in the
Error Console:


                server does not support RFC 5746, see CVE-2009-3555


Our current Test/Qual/Prod clusters on the previous version (3.1.3 and
R16B01) all work without issue.








-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140120/8ddab1c4/attachment.html>

More information about the rabbitmq-discuss mailing list