我正在为RabbitMQ设置TLS并运行以解决握手问题。
RabbitMq建立连接显示
error on AMQP connection <0.1019.0>: {ssl_upgrade_failure,
{{{badmatch,
{error,
{asn1,
{'Type not compatible with table constraint',
{{component,'Type'},
{value,{5,<<>>}},
{unique_name_and_value,id,
{1,2,840,113549,1,1,11}}}}}}},
[{public_key,pkix_decode_cert,2},
{ssl_cipher,filter,2},
{ssl_handshake,select_session,8},
{ssl_handshake,hello,4},
{ssl_connection,hello,2},
{ssl_connection,next_state,3},
{gen_fsm,handle_msg,7},
{proc_lib,init_p_do_apply,3}]},
{gen_fsm,sync_send_all_state_event,
[<0.1020.0>,start,5000]}}} (unknown POSIX error)
题
1)这是一个erlang问题。我运行了一个相当老的erlang版本。 (Erlang R14B04(erts.8.5.5))
2)TLS版本有问题吗?
额外信息:
ssl:versions().
[{ssl_app,"4.1.6"},
{supported,[tlsv1,sslv3]},
{available,[tlsv1,sslv3]}]
rabbitMq配置:
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"/etc/rabbitmq/certs/dev/ca_certificate.pem"},
{certfile, "/etc/rabbitmq/certs/dev/server_certificate.pem"},
{keyfile, "/etc/rabbitmq/certs/dev/server_key.pem"},
{verify, verify_none},
{depth, 3},
{versions, ['tlsv1.1', 'tlsv1']},
{fail_if_no_peer_cert, false}]}
另外,跑步时
openssl s_client -connect localhost:5672 -cert client_certificate.pem -key client_key.pem -CAfile ca_certificate.pem
CONNECTED(00000003)
139969158874952:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 247 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE`enter code here`
Expansion: NONE
---
所有帮助表示赞赏!
最佳答案
升级到最新版本的Erlang可以解决TLS问题。
关于ssl - 类型与表约束不兼容的RabbitMq TLS/SSL连接错误,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/57367831/