I have RabbitMQ 3.3.5 with Erlang R16B03-1 running on RHEL 7 with firewall and SELinux disabled.

The ssl part of config is as follows:

    {ssl_listeners, [15672]},
    {ssl_options, [
                   {certfile,"/etc/rabbitmq/ssl/server.cer"},
                   {keyfile,"/etc/rabbitmq/ssl/key.pem"},
                   {verify,verify_none},
                   {fail_if_no_peer_cert,false}
                  ]},

The log file of the connection attempt:

=INFO REPORT==== 7-Jan-2016::21:34:33 ===
accepting AMQP connection <0.354.0> (10.52.142.229:62631 -> 10.52.134.201:15672)

=INFO REPORT==== 7-Jan-2016::21:34:33 ===
accepting AMQP connection <0.358.0> (10.52.142.229:62632 -> 10.52.134.201:15672)

=ERROR REPORT==== 7-Jan-2016::21:34:37 ===
error on AMQP connection <0.314.0>:
{ssl_upgrade_error,{tls_alert,"record overflow"}}

=ERROR REPORT==== 7-Jan-2016::21:34:37 ===
error on AMQP connection <0.318.0>:
{ssl_upgrade_error,{tls_alert,"record overflow"}}

Just to be clear, it first creates about 10 connections and then gives the same number of TLS alerts in a row.

The client side runs under RHEL6. It is a WSO2 ESB server which is Apache Axis based. The config is as follows:

    <transportSender name="rabbitmq" class="org.apache.axis2.transport.rabbitmq.RabbitMQSender">
        <parameter name="AMQPConnectionFactory" locked="false">
            <parameter name="rabbitmq.server.host.name" locked="false">JTIRABMQ01</parameter>
            <parameter name="rabbitmq.server.port" locked="false">15672</parameter>
            <parameter name="rabbitmq.server.user.name" locked="false">consumer</parameter>
            <parameter name="rabbitmq.server.password" locked="false">guest</parameter>
            <parameter name="rabbitmq.server.virtual.host" locked="false">myvhost</parameter>
            <parameter name="rabbitmq.connection.retry.interval" locked="false">10000</parameter>
            <parameter name="rabbitmq.connection.retry.count" locked="false">5</parameter>
        </parameter>
    </transportSender>

What could be the reason? I found info about a similar error here:

 Alternatively, this error message can show up without a valid cert

ERROR REPORT=== 23-Sep-2013::18:34:14 = error on AMQP connection <0.568.0>: {ssl_upgrade_error,"record overflow"} (unknown POSIX error)

(This is when sender and server are on separate machines and sender does not provide certs) 

And... I don't want any certificate based authentication. It should not be an error since it is allowed in the options.

Any suggestions how I could potentially work around it?

womble
user3081519

1 Answer

Simpler than I thought. Without this line on the client side:

<parameter name="rabbitmq.connection.ssl.enabled">true</parameter>

the header of the connection that gets initiated is plaintext. Thus, error.

user3081519
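
Why a plaintext AMQP header sent to a TLS listener can surface as "record overflow", shown as an added example that is not part of the original answer: it reads the client's opening bytes the way a TLS record layer would, using the RFC 5246 record header layout and its 2^14 + 2048 length limit. The function names and the sample ClientHello prefix are constructed for illustration, and the assumption is that the server parses the first five bytes as a record header.

```python
import struct

# AMQP 0-9-1 protocol header: the first bytes a plaintext AMQP client sends.
AMQP_HEADER = b"AMQP\x00\x00\x09\x01"

# RFC 5246: a TLSCiphertext record length must not exceed 2^14 + 2048 bytes.
MAX_TLS_RECORD_LEN = 2**14 + 2048

# Constructed sample: the first five bytes of a TLS ClientHello record.
SAMPLE_TLS_PREFIX = b"\x16\x03\x01\x00\xc8"

HANDSHAKE = 22  # TLS record content type for handshake messages


def parse_record_header(first_bytes):
    """Interpret five bytes as a TLS record header: type, version, length."""
    if len(first_bytes) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    return {"content_type": ctype, "version": (major, minor), "length": length}


def classify_first_bytes(first_bytes):
    """Classify what a client sent as its opening bytes to a TLS listener."""
    hdr = parse_record_header(first_bytes)
    if first_bytes.startswith(b"AMQP"):
        # 'A','M','Q','P',0x00 read as a record header gives length 0x5000.
        overflow = hdr["length"] > MAX_TLS_RECORD_LEN
        return "plaintext-amqp", overflow
    if hdr["content_type"] == HANDSHAKE and hdr["version"][0] == 3:
        return "tls-handshake", hdr["length"] > MAX_TLS_RECORD_LEN
    return "unknown", hdr["length"] > MAX_TLS_RECORD_LEN


if __name__ == "__main__":
    for label, data in (("AMQP header", AMQP_HEADER),
                        ("TLS ClientHello prefix", SAMPLE_TLS_PREFIX)):
        print(label, parse_record_header(data), classify_first_bytes(data))
```

Run against a capture of the first bytes on the listener port, a `plaintext-amqp` result points at a client that has not enabled SSL rather than at a certificate problem.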