On Thu, Feb 19, 2015 at 4:49 PM, David Coppa <dco...@gmail.com> wrote: > On Wed, Feb 18, 2015 at 11:14 PM, Sebastian Reitenbach > <sebas...@l00-bugdead-prods.de> wrote: >> Hi, >> >> spent the whole evening trying to wrap my head around erlang. At least made >> a bit of progress. >> As the subject says, SSL is not totally broken. The (broken) SSLv3 works, >> but not >> TLS. At least, I was up to now not able to get TLS to work. > > Very strange! Because it seems that, as of RabbitMQ>=3.4.0, SSLv3 is > disabled automatically to prevent the POODLE attack [1]. > > One has to explicitly set the "ssl_allow_poodle_attack" rabbit config > item to true, to make SSLv3 work... > > [1] https://www.rabbitmq.com/ssl.html > > Ciao > David
It seems there are a lot of SSL-related bugfixes between Erlang 16 and 17: https://github.com/erlang/otp/blob/maint/lib/ssl/doc/src/notes.xml (R16B03-1 has SSL library version 5.3.3, while they're at SSL 5.3.8 now) So maybe SSL is broken with R16... I don't know... Ciao! David -- "If you try a few times and give up, you'll never get there. But if you keep at it... There's a lot of problems in the world which can really be solved by applying two or three times the persistence that other people will." -- Stewart Nelson
