How to add cipher suites support for rabbitmq?

Question

I have two installations of RMQ in my environment. Old installation has version 3.7.8 and erlang 21.1. Newer installation has version 3.7.9 and erlang 21.2

New installation has this cipher only these suites supported. No ecdhe support at all unlike old installation that has twise more cipher suites.

 sudo rabbitmq-diagnostics cipher_suites
 Listing available cipher suites in the Erlang term format
 [{dhe_rsa,aes_256_gcm,aead,sha384},
 {dhe_dss,aes_256_gcm,aead,sha384},
 {dhe_rsa,aes_256_cbc,sha256},
 {dhe_dss,aes_256_cbc,sha256},
 {dhe_rsa,aes_128_gcm,aead,sha256},
 {dhe_dss,aes_128_gcm,aead,sha256},
 {dhe_rsa,aes_128_cbc,sha256},
 {dhe_dss,aes_128_cbc,sha256},
 {dhe_rsa,aes_256_cbc,sha},
 {dhe_dss,aes_256_cbc,sha},
 {dhe_rsa,aes_128_cbc,sha},
 {dhe_dss,aes_128_cbc,sha}]

I can't log on to management plugin in chrome. It throws and ERR_SSL_VERSION_OR_CIPHER_MISMATCH exception. How to add more cipher suites?

Answer 1

Originally posted here.

You may be running into an issue with limited cipher suite availability. Using Erlang 21.1, notice that the default number of available suites is less than the total (on my machine):

2> length(ssl:cipher_suites()).
36
3> length(ssl:cipher_suites(all)).
74

To test out the cipher suites theory, please do this:

• Run the erl command
• Run this command in the shell (the period is significant): rp(ssl:cipher_suites(all)).

You will see a list of all supported suites on your platform.

NOTE: in your case, you need to add the ciphers section to the rabbitmq_management section of rabbitmq.config. If you need assistance, follow up to your thread on the mailing list.