rabbitmq cipher suites issues beginning with erlang 24.1

[rgoerner]

Hi,

I was just running in an issue on our labs while testing some latest releases.

With rabbitmq 3.9.x and erlang 24.0.6 and before, the settings

                {rsa,aes_256_cbc,sha},
                {rsa,aes_128_cbc,sha},

for cipher-suites are working well.

Beginning with erlang 24.1, those settings are ignored and the ciphersuites are not available on connecting to rabbitmq,

If you list the supported ciphers:

rabbitmq-diagnostics cipher_suites --format erlang -q | grep cbc

both, on erlang 24.0 and 24.1, they are supported. But with erlang 24.1, not available anymore when connecting.

Is this an issue with rabbitmq, or erlang? I am confused.

Thanks
Ronny

[michaelklishin]

I will convert this issue to a GitHub discussion. Currently GitHub will automatically close and lock the issue even though your question will be transferred and responded to elsewhere. This is to let you know that we do not intend to ignore this but this is how the current GitHub conversion mechanism makes it seem for the users :(

[michaelklishin]

RabbitMQ does not implement any cipher suites or TLS state machine parts.

[michaelklishin]

There is nothing relevant in the Erlang 24.1 release notes. The above suites are not on the list that passes testssl.sh and my best guess is that any suite relying on CBC might no longer be considered secure.

For TLS 1.2, here is the list of cipher suites which is a good start:

ssl_options.ciphers.1  = ECDHE-ECDSA-AES256-GCM-SHA384
ssl_options.ciphers.2  = ECDHE-RSA-AES256-GCM-SHA384
ssl_options.ciphers.3  = ECDH-ECDSA-AES256-GCM-SHA384
ssl_options.ciphers.4  = ECDH-RSA-AES256-GCM-SHA384
ssl_options.ciphers.5  = DHE-RSA-AES256-GCM-SHA384
ssl_options.ciphers.6  = DHE-DSS-AES256-GCM-SHA384
ssl_options.ciphers.7  = ECDHE-ECDSA-AES128-GCM-SHA256
ssl_options.ciphers.8  = ECDHE-RSA-AES128-GCM-SHA256
ssl_options.ciphers.9  = ECDH-ECDSA-AES128-GCM-SHA256
ssl_options.ciphers.10 = ECDH-RSA-AES128-GCM-SHA256
ssl_options.ciphers.11 = DHE-RSA-AES128-GCM-SHA256
ssl_options.ciphers.12 = DHE-DSS-AES128-GCM-SHA256

I can't suggest much more since you haven't clarified what "not available when connecting" means. This maybe an Erlang version and TLS library interplay or something else. You are welcome to ask on erlang-questions.

[christophmerscher]

Hi @michaelklishin,

I would like to join this discussion. I currently have the problem that I want to connect a device with RabbitMQ via MQTT and TLS. Unfortunately, this device only supports CBC ciphers, which is why I need this.

I am trying to use the cipher TLS_PSK_WITH_AES_128_CBC_SHA256. Therefore, I have also declared this in /etc/rabbitmq/rabbitmq.conf

# Ciphers
ssl_options.ciphers.1 = PSK-AES128-CBC-SHA256

However, every time I try to connect, I get the following error message

2021-11-18 09:31:46.022562+01:00 [notice] <0.20312.1> TLS server: In state hello at tls_handshake.erl:346 generated SERVER ALERT: Fatal - Insufficient Security
2021-11-18 09:31:46.022562+01:00 [notice] <0.20312.1>  - no_suitable_ciphers

My guess is that RabbitMQ does not accept this cipher because it is not listed under default in Erlang but under anonymous.

I know that this is the case because:

lists:member(ssl:str_to_suite("TLS_PSK_WITH_AES_128_CBC_SHA256"), ssl:cipher_suites(anonymous, 'tlsv1.2'))

returns true.

Could this be the case or is anything missing in the RabbitMQ conf ?

---

RabbitmQ: 3.9.8
Erlang: 24.1