ssl_upgrade_error rabbitMQ

ssl_upgrade_error rabbitMQ

我已成功配置 RabbitMQ 以接受 TLS 连接(仅限 TLS1.1 和 TLS1.2)

现在我已经编写了一个 Java 连接到 rabbitMQ-Server 的程序。

服务器 (10.0.0.120) 和 2 个客户端 (10.0.0.121-122) 都 运行 在几乎相同配置的单独 RaspberryPI 上

我可以使用 openssl 连接到服务器

root@10.0.0.122:~# openssl s_client -connect 10.0.0.120:5671
...
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA256
    Session-ID:     2D1E2F6CECA4DCB3D7403E9DEF9F9DEAADF5AC15298D6CA54120F26D70D5E4A7
    Session-ID-ctx:
    Master-Key:     003C06F78281F23D8E2D7432E84B59EEABE586FA4472CF29259F8E7DAE4BD5F2F678A7F4FA27F9FBE6616481BAEEA131
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1422352831
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

root@10.0.0.121:~# openssl s_client -connect 10.0.0.120:5671
...
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA256
    Session-ID:         B5538A83AE671DF2295632D02549C2E3059EED8DC73235DCE3D58FD69ABF7A62
    Session-ID-ctx:
    Master-Key: 86F3DDB68E5AB3796A9B762289AE7BD6D0E9A71CB549836D1A01C468180CAB98B9B819A1AF2255AE0BBF8B5911823EB8
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1422352895
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

两者具有相同的 java 版本

root@10.0.0.121:~# java -version
java version "1.7.0_40"
Java(TM) SE Runtime Environment (build 1.7.0_40-b43)
Java HotSpot(TM) Client VM (build 24.0-b56, mixed mode)

root@10.0.0.122:~# java -version
java version "1.7.0_40"
Java(TM) SE Runtime Environment (build 1.7.0_40-b43)
Java HotSpot(TM) Client VM (build 24.0-b56, mixed mode)

两者都是 运行 同一个 jar 文件

root@10.0.0.121:~# md5sum rabbitReceive.jar
6df91e2e714341588908798f7e28fa10  rabbitReceive.jar

root@10.0.0.122:~# md5sum rabbitReceive.jar
6df91e2e714341588908798f7e28fa10  rabbitReceive.jar

当我在 10.0.0.122 上启动 JAR 文件时(它工作的地方!)我在 rabbitMQ 服务器日志中得到了这个

=INFO REPORT==== 27-Jan-2015::11:07:11 ===
accepting AMQP connection <0.3709.0> (10.0.0.121:52944 -> 10.0.0.120:5671)

当我在 10.0.0.121 上启动 Jar 文件时,我在 rabbitMQ 服务器日志中得到了这个

=INFO REPORT==== 27-Jan-2015::11:08:06 ===
accepting AMQP connection <0.3755.0> (10.0.0.122:37283 -> 10.0.0.120:5671)

=ERROR REPORT==== 27-Jan-2015::11:08:11 ===
Error on AMQP connection <0.3755.0>:
 {ssl_upgrade_error,timeout}

以及客户端 JVM 中的这个异常

java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:196)
    at java.net.SocketInputStream.read(SocketInputStream.java:122)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
    at sun.security.ssl.InputRecord.read(InputRecord.java:480)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
    at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1705)
    at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:122                                                                                                                                                                                                                                             )
    at sun.security.ssl.Handshaker.kickstart(Handshaker.java:909)
    at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:                                                                                                                                                                                                                                             1423)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.                                                                                                                                                                                                                                             java:1288)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82                                                                                                                                                                                                                                             )
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
    at java.io.DataOutputStream.flush(DataOutputStream.java:123)
    at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHan                                                                                                                                                                                                                                             dler.java:129)
    at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHan                                                                                                                                                                                                                                             dler.java:134)
    at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:278)
    at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory                                                                                                                                                                                                                                             .java:617)
    at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory                                                                                                                                                                                                                                             .java:639)
    at rabbitMqTest.Test.main(Test.java:97)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.                                                                                                                                                                                                                                             java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces                                                                                                                                                                                                                                             sorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoa                                                                                                                                                                                                                                             der.java:58)

任何想法可能是什么问题?

如您所见,从您的 jar 启动到出现错误之间正好有 5 秒。

默认情况下,ssl 握手超时设置为 5 秒。你的问题是 ssl 握手无法在默认的 5 秒内完成。

您需要更改 NORMAL_TIMEOUT 并可能更改 rabbit_reader.erl 顶部的 HANDSHAKE_TIMEOUT 以增加超时。

您可以找到描述的配置设置 here