I have RabbitMQ 3.6.6 and Erlang 19.1 on a Linux box. I followed the SSL guide (http://www.rabbitmq.com/ssl.html) and can get Python clients to connect but not the .NET client.
I've tried identical server configurations using Erlang (17.4, 18.1 and 18.2), which all work.
Details using Erlang 19.1 are below.
Wireshark Client Request
Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Hello Request, Hello Request
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 1278
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 748
Certificates Length: 745
Certificates (745 bytes)
Certificate Length: 742
Certificate: 308202e2308201caa003020102020102300d06092a864886... (id-at-organizationName=client,id-at-commonName=netclient)
signedCertificate
version: v3 (2)
serialNumber: 2
signature (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=MyTestCA)
RDNSequence item: 1 item (id-at-commonName=MyTestCA)
RelativeDistinguishedName item (id-at-commonName=MyTestCA)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: MyTestCA
validity
notBefore: utcTime (0)
utcTime: 16-12-03 19:56:24 (UTC)
notAfter: utcTime (0)
utcTime: 17-12-03 19:56:24 (UTC)
subject: rdnSequence (0)
rdnSequence: 2 items (id-at-organizationName=client,id-at-commonName=netclient)
RDNSequence item: 1 item (id-at-commonName=netclient)
RelativeDistinguishedName item (id-at-commonName=netclient)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: netclient
RDNSequence item: 1 item (id-at-organizationName=client)
RelativeDistinguishedName item (id-at-organizationName=client)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: uTF8String (4)
uTF8String: client
subjectPublicKeyInfo
algorithm (rsaEncryption)
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
subjectPublicKey: 3082010a0282010100b5007e702f32e3e8e307eb07296cf4...
modulus: 0x00b5007e702f32e3e8e307eb07296cf453581e5fa9c6c831...
publicExponent: 65537
extensions: 3 items
Extension (id-ce-basicConstraints)
Extension Id: 2.5.29.19 (id-ce-basicConstraints)
BasicConstraintsSyntax [0 length]
Extension (id-ce-keyUsage)
Extension Id: 2.5.29.15 (id-ce-keyUsage)
Padding: 7
KeyUsage: 80 (digitalSignature)
1... .... = digitalSignature: True
.0.. .... = contentCommitment: False
..0. .... = keyEncipherment: False
...0 .... = dataEncipherment: False
.... 0... = keyAgreement: False
.... .0.. = keyCertSign: False
.... ..0. = cRLSign: False
.... ...0 = encipherOnly: False
0... .... = decipherOnly: False
Extension (id-ce-extKeyUsage)
Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
KeyPurposeIDs: 1 item
KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth)
algorithmIdentifier (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Padding: 0
encrypted: 91d59d73fd4fa59494031acf857a0bc94061715b63f9d14d...
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 258
RSA Encrypted PreMaster Secret
Encrypted PreMaster length: 256
Encrypted PreMaster: b6907639fa3c297cbbe91a80ca7394569354ba1c04ca9541...
Handshake Protocol: Certificate Verify
Handshake Type: Certificate Verify (15)
Length: 260
Signature Hash Algorithm: 0x0201
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: RSA (1)
Signature length: 256
Signature: 98730313f2cf8eaa47e3e574f0e090882735ec69f051374a...
TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.2 (0x0303)
Length: 1
Change Cipher Spec Message
TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 40
Handshake Protocol: Hello Request
Handshake Type: Hello Request (0)
Length: 0
Handshake Protocol: Hello Request
Handshake Type: Hello Request (0)
Length: 0
Wireshark Server Response
Alert (Level: Fatal, Description: Handshake Failure)
Just use Erlang version 17.4, 18.1 or 18.2. I suspect a bug in Erlang as there is another that had issues:
https://bugs.erlang.org/browse/ERL-259 (the ticket is resolved, but there is no confirmation of it being fixed from anyone).