2016-04-22 9 views
9

RabbitMQ 3.6.1/Erlang 18.3 TLS insufficient security failures

I am running RabbitMQ 3.6.1/Erlang 18.3 and find that I cannot establish a TLSv1 or TLSv1.1 session with the broker using the Spring AMQP 1.5.4.RELEASE Java client. I can, however, establish a TLSv1.2 session with the broker. My RabbitMQ broker is configured to support all three of tlsv1, tlsv1.1, and tlsv1.2. I am using Java 1.8.0_77-B03 on OS X.

Here is my RabbitMQ configuration:

https://gist.github.com/ae6rt/de06d1efecf62fbe8cef31774d9be3d7

Erlang on the broker reports these SSL versions:

# erl
Eshell V7.3 (abort with ^G)
1> ssl:versions().
[{ssl_app,"7.3"},
{supported,['tlsv1.2','tlsv1.1',tlsv1]},
{available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]

RabbitMQ logs this on failure:

=ERROR REPORT==== 22-Apr-2016::03:19:02 === 
SSL: hello: tls_handshake.erl:167:Fatal error: insufficient security 

I used tcpdump to sniff the traffic on the secure port 5671 during TLS setup. Here is tshark's formatting of that data:

Frame 4: 210 bytes on wire (1680 bits), 210 bytes captured (1680 bits) 
    Encapsulation type: Ethernet (1) 
    Arrival Time: Apr 21, 2016 20:09:38.053439000 PDT 
    [Time shift for this packet: 0.000000000 seconds] 
    Epoch Time: 1461294578.053439000 seconds 
    [Time delta from previous captured frame: 0.013675000 seconds] 
    [Time delta from previous displayed frame: 0.000000000 seconds] 
    [Time since reference or first frame: 0.013840000 seconds] 
    Frame Number: 4 
    Frame Length: 210 bytes (1680 bits) 
    Capture Length: 210 bytes (1680 bits) 
    [Frame is marked: False] 
    [Frame is ignored: False] 
    [Protocols in frame: eth:ethertype:ip:tcp:ssl] 
Ethernet II, Src: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c), Dst: 02:42:ac:11:00:02 (02:42:ac:11:00:02) 
    Destination: 02:42:ac:11:00:02 (02:42:ac:11:00:02) 
     Address: 02:42:ac:11:00:02 (02:42:ac:11:00:02) 
     .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) 
     .... ...0 .... .... .... .... = IG bit: Individual address (unicast) 
    Source: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c) 
     Address: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c) 
     .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) 
     .... ...0 .... .... .... .... = IG bit: Individual address (unicast) 
    Type: IPv4 (0x0800) 
Internet Protocol Version 4, Src: 10.0.2.2, Dst: 172.17.0.2 
    0100 .... = Version: 4 
    .... 0101 = Header Length: 20 bytes 
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 
     0000 00.. = Differentiated Services Codepoint: Default (0) 
     .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) 
    Total Length: 196 
    Identification: 0x0a1e (2590) 
    Flags: 0x00 
     0... .... = Reserved bit: Not set 
     .0.. .... = Don't fragment: Not set 
     ..0. .... = More fragments: Not set 
    Fragment offset: 0 
    Time to live: 63 
    Protocol: TCP (6) 
    Header checksum: 0xb901 [validation disabled] 
     [Good: False] 
     [Bad: False] 
    Source: 10.0.2.2 
    Destination: 172.17.0.2 
    [Source GeoIP: Unknown] 
    [Destination GeoIP: Unknown] 
Transmission Control Protocol, Src Port: 39141 (39141), Dst Port: 5671 (5671), Seq: 1, Ack: 1, Len: 156 
    Source Port: 39141 
    Destination Port: 5671 
    [Stream index: 0] 
    [TCP Segment Len: 156] 
    Sequence number: 1 (relative sequence number) 
    [Next sequence number: 157 (relative sequence number)] 
    Acknowledgment number: 1 (relative ack number) 
    Header Length: 20 bytes 
    Flags: 0x018 (PSH, ACK) 
     000. .... .... = Reserved: Not set 
     ...0 .... .... = Nonce: Not set 
     .... 0... .... = Congestion Window Reduced (CWR): Not set 
     .... .0.. .... = ECN-Echo: Not set 
     .... ..0. .... = Urgent: Not set 
     .... ...1 .... = Acknowledgment: Set 
     .... .... 1... = Push: Set 
     .... .... .0.. = Reset: Not set 
     .... .... ..0. = Syn: Not set 
     .... .... ...0 = Fin: Not set 
     [TCP Flags: *******AP***] 
    Window size value: 65535 
    [Calculated window size: 65535] 
    [Window size scaling factor: -2 (no window scaling used)] 
    Checksum: 0x6ef9 [validation disabled] 
     [Good Checksum: False] 
     [Bad Checksum: False] 
    Urgent pointer: 0 
    [SEQ/ACK analysis] 
     [iRTT: 0.000165000 seconds] 
     [Bytes in flight: 156] 
Secure Sockets Layer 
    SSL Record Layer: Handshake Protocol: Client Hello 
     Content Type: Handshake (22) 
     Version: TLS 1.0 (0x0301) 
     Length: 151 
     Handshake Protocol: Client Hello 
      Handshake Type: Client Hello (1) 
      Length: 147 
      Version: TLS 1.0 (0x0301) 
      Random 
       GMT Unix Time: Apr 21, 2016 20:09:38.000000000 PDT 
       Random Bytes: 742380f15c78a0409bd2817911699637f5c7879f27bf6dc1... 
      Session ID Length: 0 
      Cipher Suites Length: 44 
      Cipher Suites (22 suites) 
       Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) 
       Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) 
       Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) 
       Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) 
       Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) 
       Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) 
       Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) 
       Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) 
       Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) 
       Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) 
       Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) 
       Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) 
       Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) 
       Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) 
       Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) 
       Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) 
       Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) 
       Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003) 
       Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d) 
       Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) 
       Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013) 
       Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) 
      Compression Methods Length: 1 
      Compression Methods (1 method) 
       Compression Method: null (0) 
      Extensions Length: 62 
      Extension: elliptic_curves 
       Type: elliptic_curves (0x000a) 
       Length: 52 
       Elliptic Curves Length: 50 
       Elliptic curves (25 curves) 
        Elliptic curve: secp256r1 (0x0017) 
        Elliptic curve: sect163k1 (0x0001) 
        Elliptic curve: sect163r2 (0x0003) 
        Elliptic curve: secp192r1 (0x0013) 
        Elliptic curve: secp224r1 (0x0015) 
        Elliptic curve: sect233k1 (0x0006) 
        Elliptic curve: sect233r1 (0x0007) 
        Elliptic curve: sect283k1 (0x0009) 
        Elliptic curve: sect283r1 (0x000a) 
        Elliptic curve: secp384r1 (0x0018) 
        Elliptic curve: sect409k1 (0x000b) 
        Elliptic curve: sect409r1 (0x000c) 
        Elliptic curve: secp521r1 (0x0019) 
        Elliptic curve: sect571k1 (0x000d) 
        Elliptic curve: sect571r1 (0x000e) 
        Elliptic curve: secp160k1 (0x000f) 
        Elliptic curve: secp160r1 (0x0010) 
        Elliptic curve: secp160r2 (0x0011) 
        Elliptic curve: sect163r1 (0x0002) 
        Elliptic curve: secp192k1 (0x0012) 
        Elliptic curve: sect193r1 (0x0004) 
        Elliptic curve: sect193r2 (0x0005) 
        Elliptic curve: secp224k1 (0x0014) 
        Elliptic curve: sect239k1 (0x0008) 
        Elliptic curve: secp256k1 (0x0016) 
      Extension: ec_point_formats 
       Type: ec_point_formats (0x000b) 
       Length: 2 
       EC point formats Length: 1 
       Elliptic curves point formats (1) 
        EC point format: uncompressed (0) 

Frame 6: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) 
    Encapsulation type: Ethernet (1) 
    Arrival Time: Apr 21, 2016 20:09:38.053842000 PDT 
    [Time shift for this packet: 0.000000000 seconds] 
    Epoch Time: 1461294578.053842000 seconds 
    [Time delta from previous captured frame: 0.000377000 seconds] 
    [Time delta from previous displayed frame: 0.000403000 seconds] 
    [Time since reference or first frame: 0.014243000 seconds] 
    Frame Number: 6 
    Frame Length: 61 bytes (488 bits) 
    Capture Length: 61 bytes (488 bits) 
    [Frame is marked: False] 
    [Frame is ignored: False] 
    [Protocols in frame: eth:ethertype:ip:tcp:ssl] 
Ethernet II, Src: 02:42:ac:11:00:02 (02:42:ac:11:00:02), Dst: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c) 
    Destination: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c) 
     Address: 02:42:f5:68:bc:7c (02:42:f5:68:bc:7c) 
     .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) 
     .... ...0 .... .... .... .... = IG bit: Individual address (unicast) 
    Source: 02:42:ac:11:00:02 (02:42:ac:11:00:02) 
     Address: 02:42:ac:11:00:02 (02:42:ac:11:00:02) 
     .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) 
     .... ...0 .... .... .... .... = IG bit: Individual address (unicast) 
    Type: IPv4 (0x0800) 
Internet Protocol Version 4, Src: 172.17.0.2, Dst: 10.0.2.2 
    0100 .... = Version: 4 
    .... 0101 = Header Length: 20 bytes 
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 
     0000 00.. = Differentiated Services Codepoint: Default (0) 
     .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) 
    Total Length: 47 
    Identification: 0x3fb8 (16312) 
    Flags: 0x02 (Don't Fragment) 
     0... .... = Reserved bit: Not set 
     .1.. .... = Don't fragment: Set 
     ..0. .... = More fragments: Not set 
    Fragment offset: 0 
    Time to live: 64 
    Protocol: TCP (6) 
    Header checksum: 0x42fc [validation disabled] 
     [Good: False] 
     [Bad: False] 
    Source: 172.17.0.2 
    Destination: 10.0.2.2 
    [Source GeoIP: Unknown] 
    [Destination GeoIP: Unknown] 
Transmission Control Protocol, Src Port: 5671 (5671), Dst Port: 39141 (39141), Seq: 1, Ack: 157, Len: 7 
    Source Port: 5671 
    Destination Port: 39141 
    [Stream index: 0] 
    [TCP Segment Len: 7] 
    Sequence number: 1 (relative sequence number) 
    [Next sequence number: 8 (relative sequence number)] 
    Acknowledgment number: 157 (relative ack number) 
    Header Length: 20 bytes 
    Flags: 0x018 (PSH, ACK) 
     000. .... .... = Reserved: Not set 
     ...0 .... .... = Nonce: Not set 
     .... 0... .... = Congestion Window Reduced (CWR): Not set 
     .... .0.. .... = ECN-Echo: Not set 
     .... ..0. .... = Urgent: Not set 
     .... ...1 .... = Acknowledgment: Set 
     .... .... 1... = Push: Set 
     .... .... .0.. = Reset: Not set 
     .... .... ..0. = Syn: Not set 
     .... .... ...0 = Fin: Not set 
     [TCP Flags: *******AP***] 
    Window size value: 30016 
    [Calculated window size: 30016] 
    [Window size scaling factor: -2 (no window scaling used)] 
    Checksum: 0xb836 [validation disabled] 
     [Good Checksum: False] 
     [Bad Checksum: False] 
    Urgent pointer: 0 
    [SEQ/ACK analysis] 
     [iRTT: 0.000165000 seconds] 
     [Bytes in flight: 7] 
Secure Sockets Layer 
    TLSv1 Record Layer: Alert (Level: Fatal, Description: Insufficient Security) 
     Content Type: Alert (21) 
     Version: TLS 1.0 (0x0301) 
     Length: 2 
     Alert Message 
      Level: Fatal (2) 
      Description: Insufficient Security (71) 

The Spring connection failure is:

org.springframework.amqp.AmqpIOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: insufficient_security 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) 
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) 
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) 
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747) 
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) 
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) 
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) 
    at java.io.DataOutputStream.flush(DataOutputStream.java:123) 
    at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:129) 
    at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:134) 
    at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:277) 
    at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:647) 
    at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:273) 
    at org.springframework.amqp.rabbit.connection.CachingConnectionFactory.createConnection(CachingConnectionFactory.java:510) 
    at com.xoom.inf.amqp.TlsTest.contactBrokerOverTLS(TlsTest.java:42) 

My RabbitMQ broker is configured to negotiate tlsv1, tlsv1.1, and tlsv1.2. Why does TLS setup fail for tlsv1 and tlsv1.1 when the broker is supposed to support them? The same Java client can negotiate TLSv1 with a RabbitMQ 3.3.1/Erlang R16B02 broker.

Thanks.

+1

I don't know the answer to your question, but I would suggest trying to debug what 'ssl_handshake:select_session' returns at https://github.com/otphub/ssl/blob/master/src/tls_handshake.erl#L158? You could add logging to the module, recompile and reload it, or use http://erlang.org/doc/man/dbg.html to record what each function receives and returns. – Amiramix

+6

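Thanks for the feedback. I did not explicitly try what you suggested, but the pointer to the Erlang client-hello code, where insufficient security is raised around the cipher suites, focused my attention on ciphers. When I adjust rabbitmq.config like this, https://gist.github.com/ae6rt/2fdcc46119821cf490c8f3c444bd11d4, I can successfully establish all TLS versions. I can't formally answer my own question, but it seems that letting Erlang default to some set of cipher suites is not sufficient in Erlang 18.3. – ae6rt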

+0

Glad you were able to solve this. It looks like some of the available ciphers changed in Erlang 18: http://erlang.org/pipermail/erlang-questions/2015-September/085913.html The defaults may have changed in the Erlang 'crypto' and 'ssl' applications: http://erlang.org/download/otp_src_18.3.readme – Amiramix

Answer

1

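There were several regressions in the Erlang ssl application in the 18.3.x series. One of them caused what you are seeing: clients were rejected during the handshake, with insufficient security logged on the server side. If I remember correctly, this appeared in patch 18.3.3 and was fixed in 18.3.4. It is not a problem on the client side.

There was also a regression in 18.3.2, fixed in 18.3.3, where RabbitMQ could not start at all (because the representation of cipher suites changed).

I therefore recommend moving to 18.3 (the initial release) or 19.x.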

+0

Thank you! 18.3.2 appears to ship as standard in the current version of Ubuntu 16.04 LTS (as of April 17). This saved me a lot of trouble when upgrading the server version broke my RabbitMQ connections. –
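
Added example (not from the question, the answer, or either project): a Python check that reads tshark -V text like the capture in the question, pulls out the cipher suites the ClientHello offers and any fatal alert, and compares them with the suites enabled on the broker. The sample capture is constructed, and `server_suites` is an assumed input that the operator fills in from the broker's own configuration.

```python
import re

# Constructed excerpt in the layout of the tshark output quoted in the question.
SAMPLE = """\
Handshake Protocol: Client Hello
 Handshake Type: Client Hello (1)
 Version: TLS 1.0 (0x0301)
 Cipher Suites (3 suites)
  Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
  Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
TLSv1 Record Layer: Alert (Level: Fatal, Description: Insufficient Security)
 Alert Message
  Description: Insufficient Security (71)
"""

SUITE = re.compile(r"^Cipher Suite: (\S+) \(0x[0-9a-fA-F]{4}\)$")
VERSION = re.compile(r"^Version: (.+?) \(0x[0-9a-fA-F]{4}\)$")
ALERT = re.compile(r"^Description: .+ \((\d+)\)$")
SIGNALLING = {"TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "TLS_FALLBACK_SCSV"}  # not ciphers
INSUFFICIENT_SECURITY = 71  # TLS alert description code seen in the capture

def parse_capture(text):
    """Return (ClientHello version, offered suites, alert codes) from tshark -V text."""
    version, suites, alerts, in_hello = None, [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Handshake Type: Client Hello"):
            in_hello = True
        elif line.startswith("Alert Message"):
            in_hello = False
        elif in_hello and version is None and (m := VERSION.match(line)):
            version = m.group(1)
        elif m := SUITE.match(line):
            suites.append(m.group(1))
        elif m := ALERT.match(line):
            alerts.append(int(m.group(1)))
    return version, suites, alerts

def diagnose(text, server_suites):
    """Classify the failure; server_suites is the operator-supplied broker list."""
    version, offered, alerts = parse_capture(text)
    shared = [s for s in offered if s in server_suites and s not in SIGNALLING]
    if INSUFFICIENT_SECURITY not in alerts:
        verdict = "no_alert"
    elif shared:
        verdict = "rejected_despite_overlap"  # check the server's TLS library version
    else:
        verdict = "no_shared_suite"  # broker and client cipher lists do not intersect
    return {"client_version": version, "shared": shared, "verdict": verdict}
```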
