rabbitmq-shovel amqps falha de handshake de conexão

4

Não consigo configurar uma pá de coelho sobre amqps. A mesma pá funciona bem com amqp.

my (editado) uri:

amqps://un:[email protected]:5679?cacertfile=/etc/ssl/certs/example.com.cacert.crt&certfile=/etc/ssl/certs/example.com.crt&keyfile=/etc/ssl/private/example.com.key&verify=verify_peer

o erro no log stunnel:

SSL_accept: 14094410: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

e o status de shovel é

{{badmatch, {error, {tls_alert, "falha de handshake"}}}

Conectando-se via openssl a partir dos trabalhos do shell:

openssl s_client -connect myhost.example.com:5679 -cert /etc/ssl/certs/example.com.crt -key /etc/ssl/private/example.com.key -CAfile /etc/ssl/certs/example.com.cacert.crt

retorna

Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)

Meu rabbitmq.config:

[
  {kernel, [

  ]},
  {ssl, [{versions, ['tlsv1.2', 'tlsv1.1' ]}]},
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile,"/etc/ssl/certs/example.com.cacert.crt"},
                    {certfile,"/etc/ssl/certs/example.com.crt"},
                    {keyfile,"/etc/ssl/private/example.com.key"},
                    {versions, ['tlsv1.2', 'tlsv1.1']},
                    {depth, 2},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]},
    {tcp_listen_options, [binary, {packet,raw},
                                  {reuseaddr,true},
                                  {backlog,128},
                                  {nodelay,true},
                                  {exit_on_close,false},
                                  {keepalive,false}]},

    {default_user, <<"guest">>},
    {default_pass, <<"guest">>},
    {heartbeat, 580}
  ]}
]
    
por dazl 02.04.2015 / 00:29

0 respostas