RabbitMQ Ciphers
The cipher algorithms used by RabbitMQ can be configured to meet customer requirements using the following steps:
- Navigate to the server that is hosting the RabbitMQ service and stop the service.
- Navigate to the RabbitMQ configuration location, generally located at C:\Program Files\SailPoint\RabbitMQ\data\rabbitmq.config.
- Update the existing config file so that the cipher section, listing the desired ciphers, appears in both sections (the rabbitmq_management listener ssl_opts and the rabbit ssl_options).
  OR
  Use the following example script to replace the current config file after updating the cipher section with the desired ciphers.
Example Script:
%% Management listener (TLS, port 15671)
[{rabbitmq_management,
  [{listener,
    [{ssl_opts,
      [{ciphers, [
         "ECDHE-ECDSA-AES256-GCM-SHA384",
         "ECDHE-RSA-AES256-GCM-SHA384"
       ]},
       {keyfile,
        "C:/Program Files/SailPoint/RabbitMQ/certificates/key.pem"},
       {certfile,
        "C:/Program Files/SailPoint/RabbitMQ/certificates/rabbitmq.cer"},
       {cacertfile,
        "C:/Program Files/SailPoint/RabbitMQ/certificates/ca.cer"}]},
     {ssl, true},
     {port, 15671}]}]},
 %% TLS versions enabled for the Erlang ssl application;
 %% this list still includes TLS 1.1 and 1.0
 {ssl, [{versions, ['tlsv1.2', 'tlsv1.1', tlsv1]}]},
 %% AMQP listener: plain TCP disabled, TLS 1.2 only, port 5671
 {rabbit,
  [{tcp_listeners, []},
   {log, [{file, [{level, error}]}]},
   {ssl_options,
    [{versions, ['tlsv1.2']},
     %% No comma after the last cipher: a trailing comma is a syntax error
     {ciphers, [
        "ECDHE-ECDSA-AES256-GCM-SHA384",
        "ECDHE-RSA-AES256-GCM-SHA384"
      ]},
     {keyfile,
      "C:/Program Files/SailPoint/RabbitMQ/certificates/key.pem"},
     {certfile,
      "C:/Program Files/SailPoint/RabbitMQ/certificates/rabbitmq.cer"},
     {cacertfile,
      "C:/Program Files/SailPoint/RabbitMQ/certificates/ca.cer"},
     %% Client certificates are verified when presented, but not required
     {fail_if_no_peer_cert, false},
     {verify, verify_peer}]},
   {ssl_listeners, [5671]}]}].
Note
To find which ciphers are available, run the PowerShell command Get-TlsCipherSuite on the RabbitMQ machine. It returns a list of cipher suites by their IANA names. Search for each name on the Ciphersuite Info site to find the corresponding OpenSSL name, which is the form the RabbitMQ configuration supports.
- Restart the RabbitMQ service.
Note
If the configuration file is not properly updated, the service will fail to start.
- Wait a few minutes and then log in to the Admin Client.
- Navigate to the Health Center > Infrastructure tab and verify RabbitMQ is green.
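
Because a malformed config file keeps the service from starting, the edited cipher sections can be checked before the restart step. The following PowerShell is an added example, not SailPoint's code: Test-RabbitCipherConfig is a hypothetical helper, $sample is a constructed config fragment, and the check assumes the two cipher sections shown in the example script above.

```powershell
# Added example, not SailPoint's code. Test-RabbitCipherConfig is a hypothetical helper.
function Test-RabbitCipherConfig {
    param([Parameter(Mandatory)][string]$Text)

    $findings = New-Object System.Collections.Generic.List[string]
    # Each {ciphers, [ ... ]} term; a cipher list contains no nested brackets.
    $blocks = [regex]::Matches($Text, '\{\s*ciphers\s*,\s*\[(?<body>[^\]]*)\]\s*\}')
    if ($blocks.Count -ne 2) {
        $findings.Add("expected 2 cipher sections (management and AMQP), found $($blocks.Count)")
    }
    $sets = @()
    foreach ($b in $blocks) {
        $body = $b.Groups['body'].Value
        # A comma after the last entry is an Erlang syntax error, so the service fails to start.
        if ($body -match ',\s*$') {
            $findings.Add("trailing comma before ']' at offset $($b.Index)")
        }
        $names = @([regex]::Matches($body, '"([^"]+)"') | ForEach-Object { $_.Groups[1].Value })
        if ($names.Count -eq 0) { $findings.Add("empty cipher list at offset $($b.Index)") }
        foreach ($n in $names) {
            # Get-TlsCipherSuite prints IANA names; the config takes OpenSSL names.
            if ($n -match '^TLS_.*_WITH_') {
                $findings.Add("IANA name '$n' must be replaced by its OpenSSL name")
            }
        }
        $sets += (($names | Sort-Object) -join ',')
    }
    if ($sets.Count -eq 2 -and $sets[0] -ne $sets[1]) {
        $findings.Add('the two cipher sections list different suites')
    }
    return $findings
}

# Constructed sample: trailing comma in one section, IANA name in the other.
$sample = @'
[{rabbitmq_management, [{listener, [{ssl_opts, [
    {ciphers, ["ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",]}]}]}]},
 {rabbit, [{ssl_options, [
    {ciphers, ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]}]}]}].
'@

# For the real file, pass:
#   (Get-Content -Raw 'C:\Program Files\SailPoint\RabbitMQ\data\rabbitmq.config')
Test-RabbitCipherConfig -Text $sample | ForEach-Object { Write-Warning $_ }
```

An empty result means none of these three mistakes were found; it does not validate the rest of the file.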