On Thursday, February 19, 2015 17:13 CET, David Coppa <dco...@gmail.com> wrote:
> On Thu, Feb 19, 2015 at 4:49 PM, David Coppa <dco...@gmail.com> wrote:
> > On Wed, Feb 18, 2015 at 11:14 PM, Sebastian Reitenbach
> > <sebas...@l00-bugdead-prods.de> wrote:
> >> Hi,
> >>
> >> spent the whole evening trying to wrap my head around erlang. At least
> >> made a bit of progress.
> >> As the subject says, SSL is not totally broken. The (broken) SSLv3 works,
> >> but not TLS. At least, I was up to now not able to get TLS to work.
> >
> > Very strange! Because it seems that, as of RabbitMQ>=3.4.0, SSLv3 is
> > disabled automatically to prevent the POODLE attack [1].
> >
> > One has to explicitly set the "ssl_allow_poodle_attack" rabbit config
> > item to true, to make SSLv3 work...

I only tried to access the management port for now, and that worked without that parameter.

> >
> > [1] https://www.rabbitmq.com/ssl.html
> >
> > Ciao
> > David
>
> It seems there are a lot of SSL-related bugfixes between Erlang 16 and 17:
>
> https://github.com/erlang/otp/blob/maint/lib/ssl/doc/src/notes.xml
>
> (R16B03-1 has SSL library version 5.3.3, while they're at SSL 5.3.8 now)
>
> So maybe SSL is broken with R16... I don't know...

I'm going to downgrade my erlang to R16B03 (without the -1) because from that changelog, there also were some "fixes" with regard to SSL application. Hope that may work. If so, it should make it easier to hopefully spot what's causing my trouble.

cheers,
Sebastian

>
> Ciao!
> David
> --
> "If you try a few times and give up, you'll never get there. But if
> you keep at it... There's a lot of problems in the world which can
> really be solved by applying two or three times the persistence that
> other people will."
> -- Stewart Nelson