Hi all, We’ve been trying out some mitaka packages as well as some Xenial hosts and have been having some issues with rabbit and SSL.
If using rabbitMQ 3.6.x on Trusty I can’t get a mitaka host (oslo_messaging 4.6.1, python-amqp 1.4.9) to connect to rabbit over SSL. If I use rabbitMQ 3.6.x on Xenial I can get it to work BUT I need to change some settings on rabbit to allow some weaker ciphers. I had to add the following to rabbitmq.config (found on some random blog and haven’t investigated what exactly needed to change sorry) {versions, ['tlsv1.2', 'tlsv1.1', tlsv1]}, {ciphers, ["ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES256-SHA384", "ECDHE-ECDSA-DES-CBC3-SHA", "ECDH-ECDSA-AES256-GCM-SHA384","ECDH-RSA-AES256-GCM-SHA384","ECDH-ECDSA-AES256-SHA384", "ECDH-RSA-AES256-SHA384","DHE-DSS-AES256-GCM-SHA384","DHE-DSS-AES256-SHA256", "AES256-GCM-SHA384","AES256-SHA256","ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES128-SHA256","ECDHE-RSA-AES128-SHA256", "ECDH-ECDSA-AES128-GCM-SHA256","ECDH-RSA-AES128-GCM-SHA256","ECDH-ECDSA-AES128-SHA256", "ECDH-RSA-AES128-SHA256","DHE-DSS-AES128-GCM-SHA256","DHE-DSS-AES128-SHA256", "AES128-GCM-SHA256","AES128-SHA256","ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA","DHE-DSS-AES256-SHA","ECDH-ECDSA-AES256-SHA", "ECDH-RSA-AES256-SHA","AES256-SHA","ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES128-SHA","DHE-DSS-AES128-SHA","ECDH-ECDSA-AES128-SHA", "ECDH-RSA-AES128-SHA","AES128-SHA"]}, {honor_cipher_order, true}, Is anyone else had a play with this and got it working where a mitaka host can talk to a rabbitmq server running on trusty? The version or erlang is the difference here and I’m pretty sure that is where the change is. Cheers, Sam _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators