I have not been able to set up a RabbitMQ shovel over amqps. The same shovel works fine over amqp.
My (edited) URI:
amqps://un:[email protected]:5679?cacertfile=/etc/ssl/certs/example.com.cacert.crt&certfile=/etc/ssl/certs/example.com.crt&keyfile=/etc/ssl/private/example.com.key&verify=verify_peer
Error in the stunnel log:
SSL_accept: 14094410: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
and the shovel status is
{{badmatch,{error,{tls_alert,"handshake failure"}}}
Connecting via openssl from the shell works:
openssl s_client -connect myhost.example.com:5679 -cert /etc/ssl/certs/example.com.crt -key /etc/ssl/private/example.com.key -CAfile /etc/ssl/certs/example.com.cacert.crt
It reports
Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
My rabbitmq.config:
[
  {kernel, [ ]},
  {ssl, [{versions, ['tlsv1.2', 'tlsv1.1']}]},
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile, "/etc/ssl/certs/example.com.cacert.crt"},
                   {certfile, "/etc/ssl/certs/example.com.crt"},
                   {keyfile, "/etc/ssl/private/example.com.key"},
                   {versions, ['tlsv1.2', 'tlsv1.1']},
                   {depth, 2},
                   {verify, verify_peer},
                   {fail_if_no_peer_cert, false}]},
    {tcp_listen_options, [binary,
                          {packet, raw},
                          {reuseaddr, true},
                          {backlog, 128},
                          {nodelay, true},
                          {exit_on_close, false},
                          {keepalive, false}]},
    {default_user, <<"guest">>},
    {default_pass, <<"guest">>},
    {heartbeat, 580}
  ]}
].