This post has NOT been accepted by the mailing list yet.
Hi
I am trying to connect to rabbitmq over ssl (amqps). The client is go program using the amqp library - https://github.com/streadway/amqp I get the following error when I try to connect to rabbitmq over ssl - ERROR ----------- rabbitmq logs - =INFO REPORT==== 9-Sep-2015::10:55:57 === started SSL Listener on [::]:5671 =INFO REPORT==== 9-Sep-2015::10:55:57 === Management plugin started. Port: 15672 =INFO REPORT==== 9-Sep-2015::10:55:57 === Statistics database started. =INFO REPORT==== 9-Sep-2015::10:55:57 === Server startup complete; 7 plugins started. * rabbitmq_management * rabbitmq_web_dispatch * webmachine * mochiweb * rabbitmq_management_agent * amqp_client * rabbitmq_auth_mechanism_ssl =ERROR REPORT==== 9-Sep-2015::10:56:12 === Error on AMQP connection <0.318.0>: {ssl_upgrade_error,{options,{ciphers, [{ecdhe_ecdsa,aes_128_cbc,sha256}, {ecdhe_ecdsa,aes_256_cbc,sha}, {ecdhe_ecdsa_aes256_sha384}, {ecdhe_rsa_aes256_sha384}, {ecdh_ecdsa_aes256_sha384}, {ecdh_rsa_aes256_sha384}, {dhe_rsa_aes256_sha256}, {dhe_dss_aes256_sha256}, {aes256_sha256}, {ecdhe_ecdsa_aes128_sha256}, {ecdhe_rsa_aes128_sha256}, {ecdh_ecdsa_aes128_sha256}, {ecdh_rsa_aes128_sha256}, {dhe_rsa_aes128_sha256}, {dhe_dss_aes128_sha256}, {aes128_sha256}, {ecdhe_ecdsa_aes256_sha}, {ecdhe_rsa_aes256_sha}, {dhe_rsa_aes256_sha}, {dhe_dss_aes256_sha}, {ecdh_ecdsa_aes256_sha}, {ecdh_rsa_aes256_sha}, {aes256_sha}, {ecdhe_ecdsa_des_cbc3_sha}, {ecdhe_rsa_des_cbc3_sha}, {edh_rsa_des_cbc3_sha}, {edh_dss_des_cbc3_sha}, {ecdh_ecdsa_des_cbc3_sha}, {ecdh_rsa_des_cbc3_sha}, {des_cbc3_sha}, {ecdhe_ecdsa_aes128_sha}, {ecdhe_rsa_aes128_sha}, {dhe_rsa_aes128_sha}, {dhe_dss_aes128_sha}, {ecdh_ecdsa_aes128_sha}, {ecdh_rsa_aes128_sha}, {aes128_sha}, {ecdhe_ecdsa_rc4_sha}, {ecdhe_rsa_rc4_sha}, {rc4_sha}, {rc4_md5}, {edh_rsa_des_cbc_sha}, {ecdh_ecdsa_rc4_sha}, {ecdh_rsa_rc4_sha}, {des_cbc_sha}]} Error on the go client - read tcp 68.140.240.146:45585->68.140.240.146:5671: read: connection reset by peer CONFIGURATION ---------------------------- Rabbitmq version - =INFO REPORT==== 9-Sep-2015::10:55:56 === Starting RabbitMQ 3.5.4 on Erlang R16B03 On the erlang shell 2> ssl:versions(). [{ssl_app,"5.3.2"}, {supported,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}, {available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}] $ openssl version OpenSSL 1.0.1f 6 Jan 2014 $ openssl ciphers -v ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1 SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1 SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384 ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384 ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1 ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1 ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1 ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1 SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1 SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=3DES(168) Mac=SHA1 SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=3DES(168) Mac=SHA1 EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1 ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1 DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1 SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1 SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1 DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1 ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256 ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256 ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1 ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1 AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1 CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1 PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1 ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1 ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1 ECDH-RSA-RC4-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128) Mac=SHA1 ECDH-ECDSA-RC4-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128) Mac=SHA1 RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1 EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1 EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1 DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 oncuelinx@oncuelinx-ThinkPad-T520:~$ rabbitmq config ---------------------- {ssl_listeners, [5671]}, {ssl_options, [{cacertfile, "/etc/ssl/certs/cacert.pem"}, {certfile, "/etc/rabbitmq/ssl/rabbitmq.pem"}, {keyfile, "/etc/rabbitmq/ssl/rabbitmq.key"}, {ciphers, [{ecdhe_ecdsa,aes_128_cbc,sha256}, {ecdhe_ecdsa,aes_256_cbc,sha}, {ecdhe_ecdsa_aes256_sha384}, {ecdhe_rsa_aes256_sha384}, {ecdh_ecdsa_aes256_sha384}, {ecdh_rsa_aes256_sha384}, {dhe_rsa_aes256_sha256}, {dhe_dss_aes256_sha256}, {aes256_sha256}, {ecdhe_ecdsa_aes128_sha256}, {ecdhe_rsa_aes128_sha256}, {ecdh_ecdsa_aes128_sha256}, {ecdh_rsa_aes128_sha256}, {dhe_rsa_aes128_sha256}, {dhe_dss_aes128_sha256}, {aes128_sha256}, {ecdhe_ecdsa_aes256_sha}, {ecdhe_rsa_aes256_sha}, {dhe_rsa_aes256_sha}, {dhe_dss_aes256_sha}, {ecdh_ecdsa_aes256_sha}, {ecdh_rsa_aes256_sha}, {aes256_sha}, {ecdhe_ecdsa_des_cbc3_sha}, {ecdhe_rsa_des_cbc3_sha}, {edh_rsa_des_cbc3_sha}, {edh_dss_des_cbc3_sha}, {ecdh_ecdsa_des_cbc3_sha}, {ecdh_rsa_des_cbc3_sha}, {des_cbc3_sha}, {ecdhe_ecdsa_aes128_sha}, {ecdhe_rsa_aes128_sha}, {dhe_rsa_aes128_sha}, {dhe_dss_aes128_sha}, {ecdh_ecdsa_aes128_sha}, {ecdh_rsa_aes128_sha}, {aes128_sha}, {ecdhe_ecdsa_rc4_sha}, {ecdhe_rsa_rc4_sha}, {rc4_sha}, {rc4_md5}, {edh_rsa_des_cbc_sha}, {ecdh_ecdsa_rc4_sha}, {ecdh_rsa_rc4_sha}, {des_cbc_sha}]}, {verify, verify_peer}, {fail_if_no_peer_cert, false}]}, {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, {auth_mechanisms, ['EXTERNAL']}, {ssl_handshake_timeout, 10000} Go version - $ go version go version go1.5 linux/amd64 The Go crypto/tls library supports only 3 types of curves - const ( CurveP256 CurveID = 23 CurveP384 CurveID = 24 CurveP521 CurveID = 25 ) I am stuck with this problem from many days. Is there something wrong with my config ? Any help is greatly appreciated. Thanks |
Free forum by Nabble | Edit this page |