
Client communication to RabbitMQ fails using SSL Peer Verification

I am facing a weird situation in communication with RabbitMQ from a client. The following are the details: RabbitMQ is running on an Azure AKS cluster (containerized), exposed over the internet; traffic is routed to RabbitMQ using Azure Traffic Manager (custom domain); RabbitMQ is configured to support SSL, and peer verification is set to true; an internal (organization) server certificate is configured in the RabbitMQ config file.

RabbitMQ Version 3.7.8

The client is deployed on BizTalk (Azure Virtual Machine). A custom adapter is built using .NET to support the connection configuration on the BizTalk server; the client certificate is installed on the server, and the SSL configuration is done using the client cert thumbprint.

When the BizTalk client (written in .NET) tries to establish a connection with the Rabbit host, the server refuses to connect, stating that the connection was forcefully closed by the server. We don't see much information in the debug logs.

We even tried capturing a TCPDUMP, but that was not much help since Rabbit is running in a container. However, there is a catch: to find out what is happening between the client and the Rabbit server, I built a small RabbitMQ client tool to verify the SSL connection, written in .NET, and it works like a charm.

I need your help to find out the possible cause of the failure from the client running on the BizTalk server.

Please note that the non-SSL connection works perfectly fine.

Go through the TLS troubleshooting guide (link), which will help you find the problem. As suggested in the previous answer, it could be that RabbitMQ is only supporting TLS 1.2, which is not enabled in .NET.

Also, you can enable TLS 1.1 in RabbitMQ (link) if you see it is not enabled in RabbitMQ, which has a high probability.

With earlier versions of .NET it doesn't default to using TLS 1.2 unless you make some registry entries or you explicitly tell it to use TLS 1.2 in code; see MS16-065: Description of the TLS/SSL protocol information disclosure vulnerability (CVE-2016-0149): May 10, 2016

The .NET Framework 4.0 and the .NET Framework 4.5.x applications that are running on the .NET Framework 4.5 and later versions can switch the default protocol to TLS 1.2, TLS 1.1, and TLS 1.0 by enabling the SchUseStrongCrypto registry key. This registry key is discussed in the Suggested Actions section of the Microsoft Security Advisory 2960358 topic on the Microsoft TechNet website.

The other option is to do it via code, either in a Pipeline Component or an End Point Behaviour. See Encoding issue when passing URL Parameters with BizTalk WCF-WebHttp Send Port.
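As an added example (not code from the question or from either answer), this is the shape of a .NET RabbitMQ.Client connection that does what the two answers describe: it loads the client certificate by thumbprint from the Windows certificate store, pins TLS 1.2 in code rather than relying on the framework default, and logs the exact peer-verification error instead of the bare "connection closed" seen in the question. The host name, port, thumbprint and the use of the LocalMachine\My store are assumed placeholders.

```csharp
using System;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using RabbitMQ.Client;

static class RabbitTlsProbe
{
    // Placeholders (assumed): the Traffic Manager custom domain and the thumbprint
    // of the client certificate installed in the LocalMachine\My store.
    const string Host = "rabbit.example.internal";
    const string ClientCertThumbprint = "<CLIENT-CERT-THUMBPRINT>";

    static X509Certificate2 LoadClientCert(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false so an expired or untrusted cert is still found and
            // reported here rather than showing up later as an opaque TLS failure.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Client certificate not found: " + thumbprint);
            return found[0];
        }
    }

    static IConnection Connect()
    {
        var factory = new ConnectionFactory { HostName = Host, Port = 5671 }; // 5671 = amqps (assumed)
        factory.Ssl.Enabled = true;
        factory.Ssl.ServerName = Host;              // must match the server certificate's CN/SAN
        factory.Ssl.Version = SslProtocols.Tls12;   // pin TLS 1.2 in code instead of relying on defaults
        factory.Ssl.Certs = new X509Certificate2Collection(LoadClientCert(ClientCertThumbprint));
        factory.Ssl.AcceptablePolicyErrors = SslPolicyErrors.None; // keep full server-cert validation
        factory.Ssl.CertificateValidationCallback = (sender, cert, chain, errors) =>
        {
            // Log the exact policy error (name mismatch, chain, ...) instead of a bare "connection closed".
            if (errors != SslPolicyErrors.None)
                Console.Error.WriteLine("Server certificate rejected: " + errors);
            return errors == SslPolicyErrors.None;
        };
        return factory.CreateConnection();
    }

    static void Main()
    {
        using (var conn = Connect())
            Console.WriteLine("TLS handshake and AMQP connection succeeded to " + Host);
    }
}
```

For a host process whose code cannot be changed (such as the BizTalk host instance itself), the SchUseStrongCrypto registry setting quoted in the answer above is the equivalent of the `Version` line here.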
