RabbitMQ 3.6.1 / Erlang 18.3 TLS 不足安全故障
Posted
技术标签:
【中文标题】RabbitMQ 3.6.1 / Erlang 18.3 TLS 不足安全故障【英文标题】:RabbitMQ 3.6.1 / Erlang 18.3 TLS insufficient security failures 【发布时间】:2016-08-15 12:40:02 【问题描述】:我正在运行 RabbitMQ 3.6.1/Erlang 18.3,并发现我无法使用 Spring AMQP 1.5.4.RELEASE Java 客户端与代理建立 TLSv1 或 TLSv1.1 会话。但是,我能够与代理建立 TLSv1.2 会话。我的 RabbitMQ 代理配置为支持所有三个 tlsv1、tlsv1.1 和 tlsv1.2。我在 OS X 上使用 Java 1.8.0_77-b03。
这是我的 RabbitMQ 配置:
https://gist.github.com/ae6rt/de06d1efecf62fbe8cef31774d9be3d7
代理上的 Erlang 报告 ssl 版本
# erl
Eshell V7.3 (abort with ^G)
1> ssl:versions().
[ssl_app,"7.3",
supported,['tlsv1.2','tlsv1.1',tlsv1],
available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]]
这是 RabbitMQ 失败时记录的错误:
=ERROR REPORT==== 22-Apr-2016::03:19:02 ===
SSL: hello: tls_handshake.erl:167:Fatal error: insufficient security
在 TLS 设置期间,我使用 tcpdump 嗅探安全端口 5671 上的流量。这是 tshark 对该数据的格式:
Frame 4: 210 bytes on wire (1680 bits), 210 bytes captured (1680 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Apr 21, 2016 20:09:38.053439000 PDT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1461294578.053439000 seconds
[Time delta from previous captured frame: 0.013675000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.013840000 seconds]
Frame Number: 4
Frame Length: 210 bytes (1680 bits)
Capture Length: 210 bytes (1680 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:ssl]
Ethernet II, Src: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c), Dst: 02:42:ac:11:00:02 (02:42:ac:11:00:02)
Destination: 02:42:ac:11:00:02 (02:42:ac:11:00:02)
Address: 02:42:ac:11:00:02 (02:42:ac:11:00:02)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c)
Address: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.0.2.2, Dst: 172.17.0.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 196
Identification: 0x0a1e (2590)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: TCP (6)
Header checksum: 0xb901 [validation disabled]
[Good: False]
[Bad: False]
Source: 10.0.2.2
Destination: 172.17.0.2
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 39141 (39141), Dst Port: 5671 (5671), Seq: 1, Ack: 1, Len: 156
Source Port: 39141
Destination Port: 5671
[Stream index: 0]
[TCP Segment Len: 156]
Sequence number: 1 (relative sequence number)
[Next sequence number: 157 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: *******AP***]
Window size value: 65535
[Calculated window size: 65535]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x6ef9 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[iRTT: 0.000165000 seconds]
[Bytes in flight: 156]
Secure Sockets Layer
SSL Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 151
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 147
Version: TLS 1.0 (0x0301)
Random
GMT Unix Time: Apr 21, 2016 20:09:38.000000000 PDT
Random Bytes: 742380f15c78a0409bd2817911699637f5c7879f27bf6dc1...
Session ID Length: 0
Cipher Suites Length: 44
Cipher Suites (22 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 62
Extension: elliptic_curves
Type: elliptic_curves (0x000a)
Length: 52
Elliptic Curves Length: 50
Elliptic curves (25 curves)
Elliptic curve: secp256r1 (0x0017)
Elliptic curve: sect163k1 (0x0001)
Elliptic curve: sect163r2 (0x0003)
Elliptic curve: secp192r1 (0x0013)
Elliptic curve: secp224r1 (0x0015)
Elliptic curve: sect233k1 (0x0006)
Elliptic curve: sect233r1 (0x0007)
Elliptic curve: sect283k1 (0x0009)
Elliptic curve: sect283r1 (0x000a)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: sect409k1 (0x000b)
Elliptic curve: sect409r1 (0x000c)
Elliptic curve: secp521r1 (0x0019)
Elliptic curve: sect571k1 (0x000d)
Elliptic curve: sect571r1 (0x000e)
Elliptic curve: secp160k1 (0x000f)
Elliptic curve: secp160r1 (0x0010)
Elliptic curve: secp160r2 (0x0011)
Elliptic curve: sect163r1 (0x0002)
Elliptic curve: secp192k1 (0x0012)
Elliptic curve: sect193r1 (0x0004)
Elliptic curve: sect193r2 (0x0005)
Elliptic curve: secp224k1 (0x0014)
Elliptic curve: sect239k1 (0x0008)
Elliptic curve: secp256k1 (0x0016)
Extension: ec_point_formats
Type: ec_point_formats (0x000b)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Frame 6: 61 bytes on wire (488 bits), 61 bytes captured (488 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Apr 21, 2016 20:09:38.053842000 PDT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1461294578.053842000 seconds
[Time delta from previous captured frame: 0.000377000 seconds]
[Time delta from previous displayed frame: 0.000403000 seconds]
[Time since reference or first frame: 0.014243000 seconds]
Frame Number: 6
Frame Length: 61 bytes (488 bits)
Capture Length: 61 bytes (488 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:ssl]
Ethernet II, Src: 02:42:ac:11:00:02 (02:42:ac:11:00:02), Dst: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c)
Destination: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c)
Address: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 02:42:ac:11:00:02 (02:42:ac:11:00:02)
Address: 02:42:ac:11:00:02 (02:42:ac:11:00:02)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 172.17.0.2, Dst: 10.0.2.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 47
Identification: 0x3fb8 (16312)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x42fc [validation disabled]
[Good: False]
[Bad: False]
Source: 172.17.0.2
Destination: 10.0.2.2
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 5671 (5671), Dst Port: 39141 (39141), Seq: 1, Ack: 157, Len: 7
Source Port: 5671
Destination Port: 39141
[Stream index: 0]
[TCP Segment Len: 7]
Sequence number: 1 (relative sequence number)
[Next sequence number: 8 (relative sequence number)]
Acknowledgment number: 157 (relative ack number)
Header Length: 20 bytes
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: *******AP***]
Window size value: 30016
[Calculated window size: 30016]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xb836 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[iRTT: 0.000165000 seconds]
[Bytes in flight: 7]
Secure Sockets Layer
TLSv1 Record Layer: Alert (Level: Fatal, Description: Insufficient Security)
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Length: 2
Alert Message
Level: Fatal (2)
Description: Insufficient Security (71)
这里是 Spring 连接失败:
org.springframework.amqp.AmqpIOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: insufficient_security
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at java.io.DataOutputStream.flush(DataOutputStream.java:123)
at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:129)
at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:134)
at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:277)
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:647)
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:273)
at org.springframework.amqp.rabbit.connection.CachingConnectionFactory.createConnection(CachingConnectionFactory.java:510)
at com.xoom.inf.amqp.TlsTest.contactBrokerOverTLS(TlsTest.java:42)
我的 RabbitMQ 代理配置为协商 tlsv1、tlsv1.1 和 tlsv1.2。当代理应该支持时,为什么 tlsv1 和 tlsv1.1 的 TLS 设置会失败?同一个 Java 客户端可以与 RabbitMQ 3.3.1/Erlang R16B02 代理协商 TLSv1。
谢谢。
【问题讨论】:
我不知道您的问题的答案,但我可以建议您尝试调试ssl_handshake:select_session 在 github.com/otphub/ssl/blob/master/src/tls_handshake.erl#L158 中返回的内容吗?您可以添加一些日志记录,重新编译并重新加载模块或使用erlang.org/doc/man/dbg.html 记录每个函数接收和返回的内容。
感谢您的反馈。我没有明确尝试您的建议,但是您指向 Erlang 客户端问候代码的指针,其中提到密码套件的权限不足,促使我将注意力集中在密码上。当我调整我的 rabbitmq.config gist.github.com/ae6rt/2fdcc46119821cf490c8f3c444bd11d4 时,我可以成功建立所有 TLS 版本连接。我不能权威地回答我自己的问题为什么,但我怀疑让 erlang 默认使用某些密码套件对于 Erlang 18.3 来说不够好。
很高兴你设法解决了这个问题。 Erlang 18 中似乎有一些可用密码的变化:erlang.org/pipermail/erlang-questions/2015-September/… Erlang crypto 和 ssl 应用程序 erlang.org/download/otp_src_18.3.readme 也有其他更新,所以可能是一些默认值已经改变。
【参考方案1】:
在 18.3.x 系列中的 Erlang ssl 应用程序中存在一些回归。其中之一导致了您所看到的:在握手期间客户端被拒绝,insufficient security 在服务器端登录。如果我没记错的话,这出现在补丁 18.3.3 中,并在 18.3.4 中修复。这不是客户的问题。
在 18.3.2 中存在回归,在 18.3.3 中修复,这导致 RabbitMQ 根本无法启动(由于密码套件的表示发生了变化)。
因此建议继续使用 18.3(初始版本)或更新到 19.x。
【讨论】:
谢谢! 18.3.2 似乎是 Ubuntu 16.04 LTS 的当前版本(2017 年 4 月)的标准配置。这为我在升级服务器版本和 RabbitMQ 连接中断时省去了很多麻烦!以上是关于RabbitMQ 3.6.1 / Erlang 18.3 TLS 不足安全故障的主要内容,如果未能解决你的问题,请参考以下文章