RabbitMQ {tls_alert,"record overflow"}

I have RabbitMQ 3.3.5 with Erlang R16B03-1, running on rhel7, with the firewall and selinux disabled.

The ssl part of the configuration is as follows:

   {ssl_listeners, [15672]},
    {ssl_options, [
                   {certfile,"/etc/rabbitmq/ssl/server.cer"},
                   {keyfile,"/etc/rabbitmq/ssl/key.pem"},
                   {verify,verify_none},
                   {fail_if_no_peer_cert,false}
                  ]},

The log file for the connection attempts:

=INFO REPORT==== 7-Jan-2016::21:34:33 ===
accepting AMQP connection <0.354.0> (10.52.142.229:62631 -> 10.52.134.201:15672)

=INFO REPORT==== 7-Jan-2016::21:34:33 ===
accepting AMQP connection <0.358.0> (10.52.142.229:62632 -> 10.52.134.201:15672)

=ERROR REPORT==== 7-Jan-2016::21:34:37 ===
error on AMQP connection <0.314.0>:
{ssl_upgrade_error,{tls_alert,"record overflow"}}

=ERROR REPORT==== 7-Jan-2016::21:34:37 ===
error on AMQP connection <0.318.0>:
{ssl_upgrade_error,{tls_alert,"record overflow"}}

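To be clear, it first creates about 10 connections and then gives the same number of tls alerts in a row.

The client runs under RHEL6 and is a WSO2 ESB server based on Apache Axis, configured as follows: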

<transportSender name="rabbitmq" class="org.apache.axis2.transport.rabbitmq.RabbitMQSender">
        <parameter name="AMQPConnectionFactory" locked="false">
            <parameter name="rabbitmq.server.host.name" locked="false">JTIRABMQ01</parameter>
            <parameter name="rabbitmq.server.port" locked="false">15672</parameter>
            <parameter name="rabbitmq.server.user.name" locked="false">consumer</parameter>
            <parameter name="rabbitmq.server.password" locked="false">guest</parameter>
            <parameter name="rabbitmq.server.virtual.host" locked="false">myvhost</parameter>
            <parameter name="rabbitmq.connection.retry.interval" locked="false">10000</parameter>
            <parameter name="rabbitmq.connection.retry.count" locked="false">5</parameter>
        </parameter>
    </transportSender>

What could be the cause? I found information about a similar error here:

 Alternatively, this error message can show up without a valid cert

ERROR REPORT=== 23-Sep-2013::18:34:14 = error on AMQP connection <0.568.0>: {ssl_upgrade_error,"record overflow"} (unknown POSIX error)

(This is when sender and server are on separate machines and sender does not provide certs) 

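And... I don't want any certificate-based authentication. This shouldn't be an error, since it is allowed in the options.

Any suggestions for solving this problem I'm having?

Answer 1

It was simpler than I thought. The client was missing this line: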

<parameter name="rabbitmq.connection.ssl.enabled">true</parameter>

The header of the initiated connection was plain text. Hence the error.
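Added example, not part of the original answer: a short Python check that reads the first bytes of a plain AMQP connection the way a TLS record parser would. The length field it extracts exceeds the TLS 1.2 maximum, which is consistent with the "record overflow" alert in the log. The function names and the sample ClientHello header are constructed for illustration.

```python
import struct

# First bytes a plain (non-TLS) AMQP 0-9-1 client sends: "AMQP" 0 0 9 1.
AMQP_HEADER = b"AMQP\x00\x00\x09\x01"
# Constructed sample: the 5-byte record header of a TLS ClientHello
# (handshake, version 3.1, 200-byte fragment).
SAMPLE_CLIENT_HELLO = b"\x16\x03\x01\x00\xc8"
# Largest TLSCiphertext fragment in TLS 1.2 (RFC 5246, section 6.2.3).
MAX_TLS_RECORD = 2**14 + 2048
HANDSHAKE = 22


def parse_record_header(first_bytes):
    """Read the first 5 bytes as a TLS record header: type, version, length."""
    if len(first_bytes) < 5:
        raise ValueError("need at least 5 bytes to read a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def diagnose(first_bytes):
    """Classify what a client sent first to a TLS-only listener."""
    hdr = parse_record_header(first_bytes)
    overflow = hdr["length"] > MAX_TLS_RECORD
    if first_bytes.startswith(b"AMQP"):
        # 'A' lands in the type field, "MQ" in the version, "P\x00" in the length.
        kind = "plaintext AMQP protocol header"
    elif hdr["type"] == HANDSHAKE and hdr["version"][0] == 3 and not overflow:
        kind = "TLS handshake record"
    else:
        kind = "not a TLS handshake"
    return {"kind": kind, "claimed_length": hdr["length"], "record_overflow": overflow}


if __name__ == "__main__":
    for label, data in (("AMQP client", AMQP_HEADER), ("TLS client", SAMPLE_CLIENT_HELLO)):
        print(label, diagnose(data))
```
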
