Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow for flexiable SSL cipher formats #280

Merged
merged 1 commit into from Jul 17, 2015

Conversation

Projects
None yet
2 participants
@kramvan1
Copy link
Contributor

commented Jun 29, 2015

Current cookbook (my bad) forced the ssl cipher format to be enclosed with single quotes. This turns out to be almost a completely invalid way of specifying ssl ciphers. This patch removes those quotes and leaves it up to the user to specify ssl ciphers in any of the various formats, like those used in the spec and shown below.

Using erlang style cipher suite configuration, (see output of command rabbitmqctl eval 'ssl:cipher_suites(erlang)', which is lower cases with {}:

node['rabbitmq']['ssl_ciphers'] = %w({ecdhe_ecdsa,aes_256_cbc,sha384} {ecdh_ecdsa,aes_256_cbc,sha384})

Using UPPERCASE cipher constants:

node['rabbitmq']['ssl_ciphers'] = %w("ECDHE-ECDSA-AES256-SHA384" "ECDH-ECDSA-AES256-SHA384")

Allow more flexibility in the ssl cipher formats
Current cookbook (my bad) forced the ssl cipher format to be enclosed
with single quotes. This turns out to be almost a completely invalid
way of specifying ssl ciphers. This patch removes those quotes and
leaves it up to the user to specify ssl ciphers and any of the various
formats, like those used in the spec and shown below.

Using erlang style cipher suite configuration,
(see output of command rabbitmqctl eval 'ssl:cipher_suites(erlang)',
which is lower cases with {}:

node['rabbitmq']['ssl_ciphers'] =
  %w({ecdhe_ecdsa,aes_256_cbc,sha384} {ecdh_ecdsa,aes_256_cbc,sha384})

Using UPPERCASE cipher constants:

node['rabbitmq']['ssl_ciphers'] =
  %w("ECDHE-ECDSA-AES256-SHA384" "ECDH-ECDSA-AES256-SHA384")
@jjasghar

This comment has been minimized.

Copy link
Collaborator

commented Jul 7, 2015

I'm planning on releasing another version of the rabbitmq cookbook this by end of week

@kramvan1

This comment has been minimized.

Copy link
Contributor Author

commented Jul 16, 2015

@jjasghar thx, getting this one out of the way would be great! 👍

@jjasghar jjasghar merged commit 492ac52 into rabbitmq:master Jul 17, 2015

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

openstack-gerrit pushed a commit to openstack/cookbook-openstack-ops-messaging that referenced this pull request Jul 25, 2015

Pick up ssl ciphers fix in rabbitmq cookbook
from pull request: rabbitmq/chef-cookbook#280

Change-Id: Ie803255049b44ceaa7e4715db2a5e4cc70a78c31
Related-Bug: #1465846

openstack-gerrit pushed a commit to openstack/openstack-chef-repo that referenced this pull request Jul 27, 2015

Pick up ssl ciphers fix in rabbitmq cookbook
from pull request: rabbitmq/chef-cookbook#280

Depends-On: Ie803255049b44ceaa7e4715db2a5e4cc70a78c31

Change-Id: Ibc74640f9b8bf26815918e5c9da2c4245e691d31
Related-Bug: #1465846
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.