I can't configure a rabbit shovel over amqps. The same shovel works fine with amqp.
My (edited) URI:
amqps://un:[email protected]:5679?cacertfile=/etc/ssl/certs/example.com.cacert.crt&certfile=/etc/ssl/certs/example.com.crt&keyfile=/etc/ssl/private/example.com.key&verify=verify_peer
The error in the stunnel log:
SSL_accept: 14094410: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
and the shovel status is
{{badmatch, {error, {tls_alert, "handshake failure"}}}
Connecting via openssl from the shell works:
openssl s_client -connect myhost.example.com:5679 -cert /etc/ssl/certs/example.com.crt -key /etc/ssl/private/example.com.key -CAfile /etc/ssl/certs/example.com.cacert.crt
returns
Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
My rabbitmq.config:
[
  {kernel, [
  ]},
  {ssl, [{versions, ['tlsv1.2', 'tlsv1.1' ]}]},
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile,"/etc/ssl/certs/example.com.cacert.crt"},
                   {certfile,"/etc/ssl/certs/example.com.crt"},
                   {keyfile,"/etc/ssl/private/example.com.key"},
                   {versions, ['tlsv1.2', 'tlsv1.1']},
                   {depth, 2},
                   {verify,verify_peer},
                   {fail_if_no_peer_cert,false}]},
    {tcp_listen_options, [binary, {packet,raw},
                          {reuseaddr,true},
                          {backlog,128},
                          {nodelay,true},
                          {exit_on_close,false},
                          {keepalive,false}]},
    {default_user, <<"guest">>},
    {default_pass, <<"guest">>},
    {heartbeat, 580}
  ]}
].