求救， celery 用 ssl 连接 rabbitmq 问题

app.conf.broker_login_method = 'EXTERNAL'
app.conf.broker_use_ssl = {
    'keyfile': '/ssl/rabbitmq-server.key.pem',
    'certfile': '/ssl/rabbitmq-server.cert.pem',
    'ca_certs': '/ssl/cacert.pem',
    'cert_reqs': ssl.CERT_REQUIRED
    }

目前报错为

[2022-01-08 16:13:55,672: ERROR/MainProcess] beat: Connection error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1122). Trying again in 4.0 seconds...

是否是两边 ssl 版本不对问题？尝试在 broker_use_ssl 中添加 'ssl_version': ssl.PROTOCOL_TLSv1_2 之后仍然报这个错误

Supplement 1 · Jan 8, 2022

看了下rabbitmq环境变量ssl版本是1.1，客户端连接这边也修改成1.1之后就变成报这个错误了

[2022-01-08 17:57:50,399: ERROR/MainProcess] beat: Connection error: [SSL: TLSV1_ALERT_INSUFFICIENT_SECURITY] tlsv1 alert insufficient security (_ssl.c:1122). Trying again in 2.0 seconds...

2 replies • 2022-01-09 21:29:04 +08:00

hxndg

Jan 9, 2022

光看英文是说 tlsv1 不安全，改成 tls1.2

hxndg

Jan 9, 2022

或者试试 tls1.3