RabbitMQ accepts weak- and medium-strength SSL/TLS cipher suites on port 5671 (the AMQPS listener).
It should be configured to negotiate only cipher suites with strong encryption and to reject the weak and medium-strength ones.
Environment:
OS (CLI), HA cluster, cloud provider
------------------------------------
Steps to reproduce:
------------------
1. List every cipher suite the local OpenSSL build supports (for example: openssl ciphers -v 'ALL:COMPLEMENTOFALL').
2. For each suite, attempt a handshake with: openssl s_client -connect localhost:5671 -cipher <suite>
3. Note every suite for which the handshake succeeds; weak and medium-strength suites are among them.
Expected result:
---------------
Only cipher suites with strong encryption are negotiated on port 5671; a handshake that offers only weak or medium-strength suites is rejected.
Actual result:
-------------
Handshakes restricted to weak or medium-strength cipher suites succeed on port 5671.
This may be a bigger problem than it looks like. It's not only a question of configuring RabbitMQ. It's also a question of whether our supported platforms can even use such ciphers. Most likely recent platforms will work OK, but I'm not that sure about CentOS / RHEL 6.x and Ubuntu < 16.
Did the customer specify which ciphers they refer to as weak & medium?
Another potential problem has to do with upgrades, not necessarily the agent itself, but the VMs and specifically the openssl version and ciphers installed on them.
Validation:
Run a script that enumerates all cipher suites supported by the local OpenSSL and, for each one, attempts a handshake with openssl s_client -connect localhost:5671 -cipher <suite>.
Every suite that is accepted must belong to the "Advanced+" or "Advanced" cipher lists published by OWASP; any accepted suite outside those lists fails the validation.
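As an added example (not code from this ticket or from the RabbitMQ project), the following Python script performs the validation described above and also renders the remediation asked for in the description: it enumerates the cipher suites the local OpenSSL build can offer, attempts one handshake per suite against a listener (assumed to be localhost:5671), splits the negotiated suites into allow-listed and flagged ones, and prints the rabbitmq.conf ssl_options lines that pin the listener to the allow-list. The allow-list STRONG_CIPHERS, the host/port defaults and all function names are assumptions for this example; the allow-list is a hand-picked set of forward-secret AEAD suites, not OWASP's list, and should be replaced with the current "Advanced+"/"Advanced" strings before use.

```python
"""Added example (not from the ticket or RabbitMQ): probe an AMQPS listener
one cipher suite at a time and compare what it negotiates against an allow-list.
Assumes a TLS listener on HOST:PORT (default localhost:5671)."""
import socket
import ssl
import sys

# Illustrative allow-list: TLS 1.2 AEAD suites with forward secrecy.  Hand-picked
# for this example; replace with the current OWASP "Advanced+"/"Advanced" strings.
STRONG_CIPHERS = frozenset({
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-GCM-SHA256",
})


def all_openssl_ciphers():
    """Names of every TLS <= 1.2 suite the local OpenSSL build can offer.

    TLS 1.3 suites are skipped: Python's ssl module cannot restrict them
    individually, and all of them are AEAD with forward secrecy anyway."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("ALL:COMPLEMENTOFALL")
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if c.get("protocol") != "TLSv1.3"
                  and not c["name"].startswith("TLS_"))


def probe(host, port, cipher, timeout=3.0):
    """True if the server completes a handshake using exactly `cipher`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # we are testing suites, not the cert
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # stop TLS 1.3 masking the result
    try:
        # @SECLEVEL=0 lets a modern OpenSSL offer suites its default security
        # level would otherwise refuse to send at all (RC4, export, ...).
        ctx.set_ciphers("@SECLEVEL=0:" + cipher)
    except ssl.SSLError:
        try:
            ctx.set_ciphers(cipher)      # libraries without SECLEVEL support
        except ssl.SSLError:
            return False                 # local OpenSSL cannot offer this suite
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0] == cipher
    except (OSError, ssl.SSLError):
        return False                     # refused, timed out or handshake failed


def audit(accepted, allowed=STRONG_CIPHERS):
    """Split negotiated suites into (allow-listed, flagged) sorted lists."""
    accepted = set(accepted)
    return sorted(accepted & allowed), sorted(accepted - allowed)


def scan(host="localhost", port=5671):
    """Run the full validation: every OpenSSL suite, one handshake each."""
    return audit(c for c in all_openssl_ciphers() if probe(host, port, c))


def rabbitmq_cipher_lines(allowed=STRONG_CIPHERS):
    """rabbitmq.conf lines that pin the listener to the allow-list (key names
    as documented for RabbitMQ's new-style configuration format)."""
    lines = ["ssl_options.versions.1 = tlsv1.2",
             "ssl_options.honor_cipher_order = true"]
    lines += [f"ssl_options.ciphers.{i} = {name}"
              for i, name in enumerate(sorted(allowed), 1)]
    return lines


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5671
    ok, flagged = scan(host, port)
    print("allow-listed suites negotiated:", ", ".join(ok) or "none")
    print("suites to remove:", ", ".join(flagged) or "none")
    if flagged:
        print("\nsuggested rabbitmq.conf ssl_options:")
        print("\n".join(rabbitmq_cipher_lines()))
    sys.exit(1 if flagged else 0)
```

Run it as "python3 scan.py localhost 5671" on the RabbitMQ host; a non-zero exit means at least one suite outside the allow-list was negotiated. The client deliberately caps itself at TLS 1.2 for each probe: a server that also speaks TLS 1.3 would otherwise pick a TLS 1.3 suite and hide whether it still accepts the weak TLS 1.2 suite being tested. Note that the result only covers suites the scanning host's OpenSSL can offer, which is the platform concern raised in the comments above: run it from the oldest supported platform as well as a current one.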