- iOS/Objective-C 元类和类别
- objective-c - -1001 错误,当 NSURLSession 通过 httpproxy 和/etc/hosts
- java - 使用网络类获取 url 地址
- ios - 推送通知中不播放声音
我正在运行 RabbitMQ 3.6.1/Erlang 18.3,发现我无法使用 Spring AMQP 1.5.4.RELEASE Java 客户端与代理建立 TLSv1 或 TLSv1.1 session 。但是,我能够与代理建立 TLSv1.2 session 。我的 RabbitMQ 代理配置为支持所有三个 tlsv1、tlsv1.1 和 tlsv1.2。我在 OS X 上使用 Java 1.8.0_77-b03。
这是我的 RabbitMQ 配置:
https://gist.github.com/ae6rt/de06d1efecf62fbe8cef31774d9be3d7
代理上的 Erlang 报告 ssl 版本
# erl
Eshell V7.3 (abort with ^G)
1> ssl:versions().
[{ssl_app,"7.3"},
{supported,['tlsv1.2','tlsv1.1',tlsv1]},
{available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
这是 RabbitMQ 在失败时记录的错误:
=ERROR REPORT==== 22-Apr-2016::03:19:02 ===
SSL: hello: tls_handshake.erl:167:Fatal error: insufficient security
在 TLS 设置期间,我使用 tcpdump 嗅探安全端口 5671 上的流量。这是 tshark 对该数据的格式化:
Frame 4: 210 bytes on wire (1680 bits), 210 bytes captured (1680 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Apr 21, 2016 20:09:38.053439000 PDT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1461294578.053439000 seconds
[Time delta from previous captured frame: 0.013675000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.013840000 seconds]
Frame Number: 4
Frame Length: 210 bytes (1680 bits)
Capture Length: 210 bytes (1680 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:ssl]
Ethernet II, Src: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c), Dst: 02:42:ac:11:00:02 (02:42:ac:11:00:02)
Destination: 02:42:ac:11:00:02 (02:42:ac:11:00:02)
Address: 02:42:ac:11:00:02 (02:42:ac:11:00:02)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c)
Address: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.0.2.2, Dst: 172.17.0.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 196
Identification: 0x0a1e (2590)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: TCP (6)
Header checksum: 0xb901 [validation disabled]
[Good: False]
[Bad: False]
Source: 10.0.2.2
Destination: 172.17.0.2
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 39141 (39141), Dst Port: 5671 (5671), Seq: 1, Ack: 1, Len: 156
Source Port: 39141
Destination Port: 5671
[Stream index: 0]
[TCP Segment Len: 156]
Sequence number: 1 (relative sequence number)
[Next sequence number: 157 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: *******AP***]
Window size value: 65535
[Calculated window size: 65535]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x6ef9 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[iRTT: 0.000165000 seconds]
[Bytes in flight: 156]
Secure Sockets Layer
SSL Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 151
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 147
Version: TLS 1.0 (0x0301)
Random
GMT Unix Time: Apr 21, 2016 20:09:38.000000000 PDT
Random Bytes: 742380f15c78a0409bd2817911699637f5c7879f27bf6dc1...
Session ID Length: 0
Cipher Suites Length: 44
Cipher Suites (22 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 62
Extension: elliptic_curves
Type: elliptic_curves (0x000a)
Length: 52
Elliptic Curves Length: 50
Elliptic curves (25 curves)
Elliptic curve: secp256r1 (0x0017)
Elliptic curve: sect163k1 (0x0001)
Elliptic curve: sect163r2 (0x0003)
Elliptic curve: secp192r1 (0x0013)
Elliptic curve: secp224r1 (0x0015)
Elliptic curve: sect233k1 (0x0006)
Elliptic curve: sect233r1 (0x0007)
Elliptic curve: sect283k1 (0x0009)
Elliptic curve: sect283r1 (0x000a)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: sect409k1 (0x000b)
Elliptic curve: sect409r1 (0x000c)
Elliptic curve: secp521r1 (0x0019)
Elliptic curve: sect571k1 (0x000d)
Elliptic curve: sect571r1 (0x000e)
Elliptic curve: secp160k1 (0x000f)
Elliptic curve: secp160r1 (0x0010)
Elliptic curve: secp160r2 (0x0011)
Elliptic curve: sect163r1 (0x0002)
Elliptic curve: secp192k1 (0x0012)
Elliptic curve: sect193r1 (0x0004)
Elliptic curve: sect193r2 (0x0005)
Elliptic curve: secp224k1 (0x0014)
Elliptic curve: sect239k1 (0x0008)
Elliptic curve: secp256k1 (0x0016)
Extension: ec_point_formats
Type: ec_point_formats (0x000b)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Frame 6: 61 bytes on wire (488 bits), 61 bytes captured (488 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Apr 21, 2016 20:09:38.053842000 PDT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1461294578.053842000 seconds
[Time delta from previous captured frame: 0.000377000 seconds]
[Time delta from previous displayed frame: 0.000403000 seconds]
[Time since reference or first frame: 0.014243000 seconds]
Frame Number: 6
Frame Length: 61 bytes (488 bits)
Capture Length: 61 bytes (488 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:ssl]
Ethernet II, Src: 02:42:ac:11:00:02 (02:42:ac:11:00:02), Dst: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c)
Destination: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c)
Address: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 02:42:ac:11:00:02 (02:42:ac:11:00:02)
Address: 02:42:ac:11:00:02 (02:42:ac:11:00:02)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 172.17.0.2, Dst: 10.0.2.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 47
Identification: 0x3fb8 (16312)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x42fc [validation disabled]
[Good: False]
[Bad: False]
Source: 172.17.0.2
Destination: 10.0.2.2
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 5671 (5671), Dst Port: 39141 (39141), Seq: 1, Ack: 157, Len: 7
Source Port: 5671
Destination Port: 39141
[Stream index: 0]
[TCP Segment Len: 7]
Sequence number: 1 (relative sequence number)
[Next sequence number: 8 (relative sequence number)]
Acknowledgment number: 157 (relative ack number)
Header Length: 20 bytes
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: *******AP***]
Window size value: 30016
[Calculated window size: 30016]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xb836 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[iRTT: 0.000165000 seconds]
[Bytes in flight: 7]
Secure Sockets Layer
TLSv1 Record Layer: Alert (Level: Fatal, Description: Insufficient Security)
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Length: 2
Alert Message
Level: Fatal (2)
Description: Insufficient Security (71)
这是 Spring 连接失败:
org.springframework.amqp.AmqpIOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: insufficient_security
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at java.io.DataOutputStream.flush(DataOutputStream.java:123)
at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:129)
at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:134)
at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:277)
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:647)
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:273)
at org.springframework.amqp.rabbit.connection.CachingConnectionFactory.createConnection(CachingConnectionFactory.java:510)
at com.xoom.inf.amqp.TlsTest.contactBrokerOverTLS(TlsTest.java:42)
我的 RabbitMQ 代理配置为协商 tlsv1、tlsv1.1 和 tlsv1.2。为什么当代理应该支持 tlsv1 和 tlsv1.1 时,TLS 设置会失败?同一个 Java 客户端可以与 RabbitMQ 3.3.1/Erlang R16B02 代理协商 TLSv1。
谢谢。
最佳答案
Erlang ssl
应用程序在 18.3.x 系列中有一些回归。其中之一导致了您所看到的情况:客户端在握手期间被拒绝,服务器端登录了 insufficient security
。如果我没记错的话,这出现在补丁 18.3.3 中,并在 18.3.4 中得到修复。这不是客户端的问题。
在 18.3.2 中有一个回归,在 18.3.3 中修复,它阻止 RabbitMQ 完全启动(由于密码套件表示的变化)。
因此建议继续使用 18.3(初始版本)或更新到 19.x。
关于java - RabbitMQ 3.6.1/Erlang 18.3 TLS 安全性不足故障,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36784391/
我想实现一个 Erlang 解释器,最近我在阅读 Erlang 的标准库源代码。我在 erlang.erl 中找到 erlang:display/1 的源代码是: %% display/1 -spec
我即将用 Erlang 构建一个系统(我的问题可以用多个 CPU 更好地解决),我已经浏览了: 向你学习一些 Erlang; Erlang/OTP 在行动 编程 Erlang(阿姆斯壮); Erlan
我真的很难理解 Erlang 中的尾递归。 我有以下 eunit 测试: db_write_many_test() -> Db = db:new(), Db1 = db:write(f
我不确定或者我不知道 erlang 定位不在默认目录中的模块的传统方式。我知道它会查看已编译的文件夹和 erlang 的系统文件夹或 - lists:foreach(fun (E) -> io:fwr
对 Erlang 完全陌生。我正在尝试为函数组合定义一些函数,例如 compose , juxt和 pipe但是遇到这样一个事实,即 Erlang 没有(据我所知)可变参数,因此很难只编写适用于所有输
在 Erlang 中存储和管理高性能可变对象的最佳方法是什么?假设我想编写具有实时游戏玩法的非常简单的在线游戏服务器。不知何故,我需要在 Erlang 内存中表示玩家的状态。例如,它可能只是一个简单的
警告:前面的 erlang n00b。 我正在尝试掌握 erlang,只是尝试与牛仔一起使用基本的 hello world 应用程序。我正在模拟一个错误,基本上是在我的代码中的某处返回一个无效值,并试
当你向 shell 进程发送消息时,你可以通过调用: c:flush(). 来清除所有消息。 C:\Windows\System32>erl Eshell V5.9(使用 ^G 中止) 1> 自我()
这应该是一个简单的问题,但我不太了解文档,无法找到答案。 如果 OTP 管理器在崩溃后重新启动 gen_server,新子进程是否继承了崩溃进程的消息队列,或者消息是否在崩溃之前发送但尚未由旧子进程处
我将 net_ticktime 值设置为 600 秒。 net_kernel:set_net_ticktime(600) 在 net_ticktime = TickTime 的 Erlang 文档中:
我正在监视一个 Erlang 应用程序,我目前正在尝试确定特定 PID 已经运行了多长时间。绝对时间戳或持续时间对我有用,但我在 process_info 或通过 sys 模块看不到这些数据位中的任何
我想重新定义查找特定单词的元组的顺序 例如,我有一个像这样的元组列表: [{"a",["r001"]}, {"bi",["bidder"]}, {"bo",["an"]}] 但有时元组的顺序可能会
以下几行出现在 http://aosabook.org/en/riak.html 中,在该部分的第二段: 15.1. Erlang 简介 : "Calling the function with a
我认为 Erlang 节点之间的消息不应该很大。如果我想构建一个流服务器,通常每个连接都需要很大的带宽,Erlang 能做好吗?如果是,是否有任何开源代码可供我学习?我了解到 Erlang 很适合处理
下一个代码在结果中给了我 5.999999999999998,但正确答案是 6。 Alpha = math:acos((4*4 + 5*5 - 3*3) / (2*4*5)) Area = 1/2 *
注意:这是我的 previous question 的进化延续。关于类似的话题。 一段时间以来,我一直在寻找有关部署和更新 Erlang/OTP 版本(一组应用程序)的“最佳实践”,但我找不到任何直接
我试图在头文件中指定一个函数。 像这样: -spec update(pid(), tuple(tuple(), integer(), atom()), tuple(atom(), atom())) -
所以我在过去的八个小时里一直在使用 Erlang,我花了两个时间用我的头敲击键盘试图找出我的控制台不断返回的异常错误。 我正在编写一个骰子程序来学习erlang。我希望它能够通过 erlang 解释器
当我编译以下模块时: -module(x). -export([inp/0]). f(X) -> g(X). g(X) -> error(X). inp() -> f(123)
我目前正在开发一个实时媒体服务器,它将允许普通消费者向我们发送实时视频。在我们当前的环境中,我们已经看到发送给我们的广播持续了几天,因此能够在不断开用户连接的情况下修复错误(或添加功能)的想法非常引人
我是一名优秀的程序员,十分优秀!