rabbitmq-shovel amqps connection handshake failure

Question

I fail to setup a rabbitmq shovel over amqps. The same shovel works fine over amqp.

my (edited) uri:

amqps://un:pw@myhost.example.com:5679?cacertfile=/etc/ssl/certs/example.com.cacert.crt&certfile=/etc/ssl/certs/example.com.crt&keyfile=/etc/ssl/private/example.com.key&verify=verify_peer

the error in the stunnel log:

SSL_accept: 14094410: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

and the shovel status is

{{badmatch,{error,{tls_alert,"handshake failure"}}}

Connecting via openssl from the shell works:

openssl s_client -connect myhost.example.com:5679 -cert /etc/ssl/certs/example.com.crt -key /etc/ssl/private/example.com.key -CAfile /etc/ssl/certs/example.com.cacert.crt

returns

Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)

My rabbitmq.config:

[
  {kernel, [

  ]},
  {ssl, [{versions, ['tlsv1.2', 'tlsv1.1' ]}]},
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile,"/etc/ssl/certs/example.com.cacert.crt"},
                    {certfile,"/etc/ssl/certs/example.com.crt"},
                    {keyfile,"/etc/ssl/private/example.com.key"},
                    {versions, ['tlsv1.2', 'tlsv1.1']},
                    {depth, 2},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]},
    {tcp_listen_options, [binary, {packet,raw},
                                  {reuseaddr,true},
                                  {backlog,128},
                                  {nodelay,true},
                                  {exit_on_close,false},
                                  {keepalive,false}]},

    {default_user, <<"guest">>},
    {default_pass, <<"guest">>},
    {heartbeat, 580}
  ]}
]