3.5.9 supports only MD5, which is unacceptable and not FIPS compliant.
Need to check full sanity tests
can we also ensure that RabbitMQ stores passwords in strong hash?
You can assign it to me if you're interested.
tal already verified that, in installation we install a clean rabbit and in snapshot restore we create new users, so rabbit uses the new default stronger hash.