Skip to content

Commit 4dcfdf5

Browse files
committed
Bugfix for ssl_versions in rabbitmq.config so Erlang/RabbitMQ respect them.
The format reference example is given in https://www.rabbitmq.com/ssl.html#disabling-tls-versions Also add version list for rabbitmq_management config ssl_opts.
1 parent c47a8be commit 4dcfdf5

File tree

1 file changed

+8
-5
lines changed

1 file changed

+8
-5
lines changed

templates/rabbitmq.config.erb

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,9 @@
11
% This file managed by Puppet
22
% Template Path: <%= @module_name %>/templates/rabbitmq.config
33
[
4+
<%- if @ssl and @ssl_versions -%>
5+
{ssl, [{versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]}]},
6+
<%- end -%>
47
{rabbit, [
58
<% if @ldap_auth -%>
69
{auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]},
@@ -16,17 +19,14 @@
1619
{tcp_listeners, []},
1720
<%- end -%>
1821
<%- if @ssl -%>
19-
<%- if @ssl_versions -%>
20-
{ssl, [{versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]}]},
21-
<%- end -%>
2222
{ssl_listeners, [<%= @ssl_port %>]},
2323
{ssl_options, [<%- if @ssl_cacert != 'UNSET' -%>{cacertfile,"<%= @ssl_cacert %>"},<%- end -%>
2424
{certfile,"<%= @ssl_cert %>"},
2525
{keyfile,"<%= @ssl_key %>"},
2626
{verify,<%= @ssl_verify %>},
2727
{fail_if_no_peer_cert,<%= @ssl_fail_if_no_peer_cert %>}
2828
<%- if @ssl_versions -%>
29-
,{ssl, [{versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]}]}
29+
,{versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]}
3030
<% end -%>]},
3131
<%- end -%>
3232
<% if @config_variables -%>
@@ -49,7 +49,10 @@
4949
{ssl, true},
5050
{ssl_opts, [<%- if @ssl_cacert != 'UNSET' -%>{cacertfile, "<%= @ssl_cacert %>"},<%- end -%>
5151
{certfile, "<%= @ssl_cert %>"},
52-
{keyfile, "<%= @ssl_key %>"}]}
52+
{keyfile, "<%= @ssl_key %>"}
53+
<%- if @ssl_versions -%>
54+
,{versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]}
55+
<% end -%>]}
5356
<%- else -%>
5457
{port, <%= @management_port %>}
5558
<%- end -%>

0 commit comments

Comments
 (0)