I tried the programs from ERL-973 (which originates from a similar issue I had with the Java client on Java 11 and Erlang 22.0.2) with Java 8-252, 8-272, 8-275 and Erlang 22.3.4.5 but I could not reproduce, the handshake succeeded. We need to know exactly on which versions of RabbitMQ and Erlang you're encountering the problem (and all the digits for each version).Īnd yes, the Java client uses the JDK for TLS and RabbitMQ uses Erlang for TLS, so it's likely a problem between the runtimes (JDK and Erlang) that causes the problem. This is confusing, you mention Erlang 22 and Erlang 22.3.4.5, on possibly 2 different systems. On my team's system, we're using erlang 22.3.4.5-1 for a different connection (not part of this discussion). > On the RabbitMQ *server* (which is the 'other end' of the conversation from my team's system), erlang/OTP 22 is being used. To unsubscribe from this group and stop receiving emails from it, send an email to view this discussion on the web, visit >. You received this message because you are subscribed to the Google Groups "rabbitmq-users" group. We found that these two extensions are NOT part of the TLS 1.2 RFC ( ) but are part of the TLS 1.3 RFC ( ). In the trace we see the client receiving - : Received fatal alert: handshake_failureįurther analysis of the Client Hello packet being generated by our system showed that the ‘Version’ value is ‘TLS 1.2’ but the packet contains several extensions including ‘signature_algorithrms_cert’ and ‘supported_versions’.
When we did a packet capture and analyzed the conversation between the RabbitMQ client and server, we noticed that the server was failing the TLS handshake: Looking in the Java 8u261 Release Notes ( ), I see that this release includes support for TLS 1.3. The changelog for this later release ( ) contains a note about the inclusion of TLS 1.3. Our engineering team has a system that is using RabbitMQ java client (com.rabbitmq:amqp-client:5.4.3) to connect over TLS 1.2 to a RabbitMQ server (version 3.7.16) on another system.
#Rabbitmq java client ssl tls2 example upgrade
Subject: Java upgrade with TLS 1.3 support causes rabbitmq TLS handshake failures
And as Gabriele explained, if you want to use TLS 1.3, you need to test the last RC of RabbitMQ 3.8.10.
0 kommentar(er)
