
Why do I get an SSL handshake failure with .Net Client to RabbitMQ with Erlang 19.1.1 but not in 17.4, 18.1 and 18.2?

I have RabbitMQ 3.6.6 and Erlang 19.1 on a Linux box. I followed the SSL guide (http://www.rabbitmq.com/ssl.html) and can get Python clients to connect but not the .Net client.

I've tried identical server configurations using Erlang 17.4, 18.1 and 18.2, which all work.

Details using Erlang 19.1 are below.

Wireshark Client Request

Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Hello Request, Hello Request
    Secure Sockets Layer
        TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 1278
            Handshake Protocol: Certificate
                Handshake Type: Certificate (11)
                Length: 748
                Certificates Length: 745
                Certificates (745 bytes)
                    Certificate Length: 742
                    Certificate: 308202e2308201caa003020102020102300d06092a864886... (id-at-organizationName=client,id-at-commonName=netclient)
                        signedCertificate
                            version: v3 (2)
                            serialNumber: 2
                            signature (sha256WithRSAEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                            issuer: rdnSequence (0)
                                rdnSequence: 1 item (id-at-commonName=MyTestCA)
                                    RDNSequence item: 1 item (id-at-commonName=MyTestCA)
                                        RelativeDistinguishedName item (id-at-commonName=MyTestCA)
                                            Id: 2.5.4.3 (id-at-commonName)
                                            DirectoryString: uTF8String (4)
                                                uTF8String: MyTestCA
                            validity
                                notBefore: utcTime (0)
                                    utcTime: 16-12-03 19:56:24 (UTC)
                                notAfter: utcTime (0)
                                    utcTime: 17-12-03 19:56:24 (UTC)
                            subject: rdnSequence (0)
                                rdnSequence: 2 items (id-at-organizationName=client,id-at-commonName=netclient)
                                    RDNSequence item: 1 item (id-at-commonName=netclient)
                                        RelativeDistinguishedName item (id-at-commonName=netclient)
                                            Id: 2.5.4.3 (id-at-commonName)
                                            DirectoryString: uTF8String (4)
                                                uTF8String: netclient
                                    RDNSequence item: 1 item (id-at-organizationName=client)
                                        RelativeDistinguishedName item (id-at-organizationName=client)
                                            Id: 2.5.4.10 (id-at-organizationName)
                                            DirectoryString: uTF8String (4)
                                                uTF8String: client
                            subjectPublicKeyInfo
                                algorithm (rsaEncryption)
                                    Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                                subjectPublicKey: 3082010a0282010100b5007e702f32e3e8e307eb07296cf4...
                                    modulus: 0x00b5007e702f32e3e8e307eb07296cf453581e5fa9c6c831...
                                    publicExponent: 65537
                            extensions: 3 items
                                Extension (id-ce-basicConstraints)
                                    Extension Id: 2.5.29.19 (id-ce-basicConstraints)
                                    BasicConstraintsSyntax [0 length]
                                Extension (id-ce-keyUsage)
                                    Extension Id: 2.5.29.15 (id-ce-keyUsage)
                                    Padding: 7
                                    KeyUsage: 80 (digitalSignature)
                                        1... .... = digitalSignature: True
                                        .0.. .... = contentCommitment: False
                                        ..0. .... = keyEncipherment: False
                                        ...0 .... = dataEncipherment: False
                                        .... 0... = keyAgreement: False
                                        .... .0.. = keyCertSign: False
                                        .... ..0. = cRLSign: False
                                        .... ...0 = encipherOnly: False
                                        0... .... = decipherOnly: False
                                Extension (id-ce-extKeyUsage)
                                    Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
                                    KeyPurposeIDs: 1 item
                                        KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth)
                        algorithmIdentifier (sha256WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                        Padding: 0
                        encrypted: 91d59d73fd4fa59494031acf857a0bc94061715b63f9d14d...
            Handshake Protocol: Client Key Exchange
                Handshake Type: Client Key Exchange (16)
                Length: 258
                RSA Encrypted PreMaster Secret
                    Encrypted PreMaster length: 256
                    Encrypted PreMaster: b6907639fa3c297cbbe91a80ca7394569354ba1c04ca9541...
            Handshake Protocol: Certificate Verify
                Handshake Type: Certificate Verify (15)
                Length: 260
                Signature Hash Algorithm: 0x0201
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature length: 256
                Signature: 98730313f2cf8eaa47e3e574f0e090882735ec69f051374a...
        TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
            Content Type: Change Cipher Spec (20)
            Version: TLS 1.2 (0x0303)
            Length: 1
            Change Cipher Spec Message
        TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 40
            Handshake Protocol: Hello Request
                Handshake Type: Hello Request (0)
                Length: 0
            Handshake Protocol: Hello Request
                Handshake Type: Hello Request (0)
                Length: 0

Wireshark Server Response

Alert (Level: Fatal, Description: Handshake Failure)

Just use Erlang version 17.4, 18.1 or 18.2. I suspect a bug in Erlang, as there is another that had issues:

https://bugs.erlang.org/browse/ERL-259. The ticket is resolved, but there is no confirmation of it being fixed from anyone.
