How to add cipher suites support for rabbitmq? - ssl

I have two installations of RMQ in my environment.
Old installation has version 3.7.8 and erlang 21.1.
Newer installation has version 3.7.9 and erlang 21.2
New installation has only these cipher suites supported. No ecdhe support at all, unlike the old installation, which has twice as many cipher suites.
sudo rabbitmq-diagnostics cipher_suites
Listing available cipher suites in the Erlang term format
[{dhe_rsa,aes_256_gcm,aead,sha384},
{dhe_dss,aes_256_gcm,aead,sha384},
{dhe_rsa,aes_256_cbc,sha256},
{dhe_dss,aes_256_cbc,sha256},
{dhe_rsa,aes_128_gcm,aead,sha256},
{dhe_dss,aes_128_gcm,aead,sha256},
{dhe_rsa,aes_128_cbc,sha256},
{dhe_dss,aes_128_cbc,sha256},
{dhe_rsa,aes_256_cbc,sha},
{dhe_dss,aes_256_cbc,sha},
{dhe_rsa,aes_128_cbc,sha},
{dhe_dss,aes_128_cbc,sha}]
I can't log on to the management plugin in Chrome. It throws an ERR_SSL_VERSION_OR_CIPHER_MISMATCH exception.
How to add more cipher suites?

Originally posted here.
You may be running into an issue with limited cipher suite availability. Using Erlang 21.1, notice that the default number of available suites is less than the total (on my machine):
2> length(ssl:cipher_suites()).
36
3> length(ssl:cipher_suites(all)).
74
To test out the cipher suites theory, please do this:
Run the erl command
Run this command in the shell (the period is significant): rp(ssl:cipher_suites(all)).
You will see a list of all supported suites on your platform.
NOTE: in your case, you need to add the ciphers section to the rabbitmq_management section of rabbitmq.config. If you need assistance, follow up to your thread on the mailing list.
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.
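The ciphers section the answer refers to, sketched in the classic rabbitmq.config (Erlang term) format as an added example; it is not configuration from the original post or from the RabbitMQ team. The port, the file paths and the choice of suites are assumptions. A suite listed here only takes effect if it also appears in the output of rp(ssl:cipher_suites(all)). on that node, so an Erlang build that reports no ECDHE suites will not gain them from configuration alone.

```erlang
%% rabbitmq.config, classic Erlang-term format (added example).
%% Port and file paths are placeholders; adjust to your installation.
[
  {rabbitmq_management, [
    {listener, [
      {port, 15671},
      {ssl, true},
      {ssl_opts, [
        {cacertfile, "/path/to/ca_certificate.pem"},
        {certfile,   "/path/to/server_certificate.pem"},
        {keyfile,    "/path/to/server_key.pem"},
        %% Suites use the same term format that
        %% `rabbitmq-diagnostics cipher_suites` prints.
        %% The selection below is an assumption: it targets an RSA
        %% server certificate and lists ECDHE suites ahead of the
        %% DHE suites the new node already reports.
        {ciphers, [
          {ecdhe_rsa,aes_256_gcm,aead,sha384},
          {ecdhe_rsa,aes_128_gcm,aead,sha256},
          {dhe_rsa,aes_256_gcm,aead,sha384},
          {dhe_rsa,aes_128_gcm,aead,sha256}
        ]},
        %% Use the server's ordering of the list above, not the client's.
        {honor_cipher_order, true}
      ]}
    ]}
  ]}
].
```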

Related

Failed to open connection to "session" message bus: /usr/bin/dbus-launch terminated abnormally without any error message [duplicate]

I am using a very complex setup to test various non-public webpages. I use jenkins to run the python-selenium tests within a docker image. That way, I am completely independent of the jenkins environment and can create my own environment. In this environment I have the following software installed:
Ubuntu 16.04.3
Firefox: Mozilla Firefox 57.0.1
geckodriver: 0.18.0
nosetests: 1.3.7
selenium: 3.8.0
When running the tests, which mostly succeed, I see in the geckodriver.log output messages like
(firefox:55): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
/usr/bin/dbus-launch terminated abnormally without any error message
My questions:
What does this message mean?
Could that be an indication of the reason why sometimes the tests are failing?
If so, how to fix it?
The error you are seeing is:
(firefox:55): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
/usr/bin/dbus-launch terminated abnormally without any error message
So it is clear Firefox attempts to connect to D-BUS daemon and fails as dbus-launch gets terminated abnormally.
dbus-launch
dbus-launch is basically the utility to start a message bus by firefox through a shell script. It would normally be called from a user's login scripts. dbus-launch launches a session bus instance and prints the address and pid of that instance to standard output.
You can read more about dbus-launch from the Linux man page
Root Cause
This error can arise if you use su (root), sudo, suedit, gksu. The main reason is DBUS_SESSION_BUS_ADDRESS retains its value when you su instead of picking up the value in /root/.dbus/session-bus.
Here you will find a detailed discussion on GConf Error: No D-BUS daemon running?! How to reinstall or fix?.
Another possible reason may be that the base Firefox Browser version is an older version on which updates were taken to reach the current version.
Solution:
There are a couple of solutions available to address this Ubuntu-related issue, as follows:
Before you start Firefox you have to type export $(dbus-launch)
However, this may result in another error with NSS_USE_SHARED_DB. So you have to use export NSS_USE_SHARED_DB=ENABLED as well.
The most convenient way would be to put all the configuration within the .bashrc file:
export $(dbus-launch)
export NSS_USE_SHARED_DB=ENABLED
firefox &
This discussion speaks about the solution in detail.
If dbus-launch is not installed on your system you have to install dbus-x11 package which contains the dbus-launch program.
An effective solution would be to uninstall the older base version of Firefox Browser and install a recent released GA version of Firefox Browser.
Best Approach
The issue with dbus-launch was addressed properly by both Ubuntu and Mozilla. To overcome this error you need to follow the below mentioned steps:
Keep your Ubuntu OS updated with the latest patch releases and updates.
Always use the latest released version of Selenium-Python client, WebDriver variant e.g. GeckoDriver and Web Browser, e.g. Firefox Browser.
Clean and Build the Project Workspace afresh through your IDE before and after executing your Test Suite.
Clear the Browser Cache before and after the execution of your Tests.
If you have to uninstall any of the Web Client variants (e.g. Mozilla Firefox) you can use Revo Uninstaller with Moderate Memory Scan so that the stale registry settings are discarded.
Use CCleaner tool regularly to wipe away the OS chores including the stale rust_mozprofile directories.
What does this message mean?
DBus is a message bus system for interprocess communication. There is an open geckodriver issue on a similar if not the same subject:
request to geckodriver fails with no meaningful log entry when there is no access to $HOME/.mozilla or $HOME/.cache
Could that be an indication of the reason why sometimes the tests are failing?
The warning should not really affect the tests but it's difficult to speculate about your intermittent test failures without seeing what is actually happening in your tests.
If so, how to fix it?
Here are some things to try:
upgrade geckodriver to the latest stable version (currently 0.19.1)
update Firefox to the latest nightly version (currently 58)
try this answer
try this answer
For me the solution was to install dbus-x11
apt install dbus-x11

cipher suites support for kafka

How do I know which cipher suites are supported for Kafka?
I am using kafka kafka_2.10-0.10.1.1 version and
Java version
java -version
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)
appreciate any advice?
Strength of Kafka cryptography depends on your java cryptography extension (jce) version. And Kafka can use all algorithms that are supported by jce (that are numerous).
Default java has limited support for cipher algorithms; for instance, the max key length for AES is 128. For maximum security you can download the unlimited jce from the oracle site and update it in your jre libs directory.

Spring data redis mock

I need to do integration testing for a spring cloud application running with spring data on redis.
Tests work locally with the regular redis server instance and I need to run this on a Jenkins CI server that is controlled by the corporate CI engineering group.
Obviously I can attach to a redis server there so I used an embedded redis server (from here: https://github.com/kstyrc/embedded-redis).
Running tests locally with this redis server works well since there is a test profile to inject the embedded server in place of the production one.
Now the problem is that when we run this in the Jenkins environment this is the error we see.
/tmp/1430170830037-0/redis-server-2.8.19: /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /tmp/1430170830037-0/redis-server-2.8.19)
So this version of redis has specific dependency on a specific version of glibc. I tried a couple of other libraries but they all depend on the same underlying version of the embedded redis server.
Is there a spring data mock framework that can be used to get around this sort of issue?
This might come a little late for you, but there is indeed a Spring Data Mock framework that you can use, which lets you mock repositories (regardless of the specific backend solution) without a real database connection.
Here is a link: https://github.com/mmnaseri/spring-data-mock
You don't have a high enough version of libc6, that is causing the error.
From How to fix “/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.14' not found”? – Super User:
That means the program was compiled against glibc version 2.14, and it requires that version to run, but your system has an older version installed. You'll need to either recompile the program against the version of glibc that's on your system, or install a newer version of glibc (the "libc6" package in Debian).
So, you just need to upgrade your libc6 package. All versions of Ubuntu have at least version 2.15 because it's a fairly important package (reference).
To upgrade it, use these commands in a terminal:
sudo apt-get update
sudo apt-get install libc6
P.S. This is an answer from askubuntu.com by minerz029

Difference between Weblogic 12c Node Manager Versions

Today I asked myself what the differences between the two Node Manager versions are.
The documentation says:
Java-based Node Manager provides more security than the script-based version.
But why is the Java-based version more secure?
See: Node Manager Documentation
Determining Which Node Manager Version to Use:
The script based Node Manager requires a much simpler security configuration than the Java version. RSH and SSH are generally easier to configure than SSL which is the method of security used by the Java version of Node Manager. The script version of Node Manager also required a smaller footprint than the Java version
http://docs.oracle.com/cd/E13222_01/wls/docs92/server_start/nodemgr.html

Error "SSL peer presented an invalid certificate" on libpurple based connection attempt on ARM

I am using libpurple (libpurple.com) for developing a chat application.
Everything works fine on x86 processor (Desktop)
However, the same code when run on the ARM (iMx Freescale) processor shows error :
"SSL peer presented an invalid certificate", while logging in.
I am using the Ubuntu OS. All the packages seem to be present for the ARM processor just like in the x86 machine. (including gnutls dev package)
Any clues would be appreciated...
I had posted the question to the pidgin mailing list thus:
Hi all, I am using libpurple (package- 1:2.10.0-0ubuntu2) for
developing a chat application. Everything works fine on x86 processor
(Desktop - Ubuntu 11.10)
However, the same chat application (after cross-compilation) when run
on the ARM (iMx Freescale based on Ubuntu 11.10) processor shows
error:
"SSL peer presented an invalid certificate", while logging in.
--1-- All the packages seems to be present for the ARM target just like in the x86 machine. (including gnutls dev package, as mentioned
in FAQ
http://developer.pidgin.im/wiki/Installing%20Pidgin#IhaveOpenSSLwhyisntPidginusingit).
--2-- I have installed the ca-certificates package (updated it to the newest one in the Ubuntu repository for Ubuntu 11.10), using:
'apt-get install ca-certificates'.
--3-- Also tried copying the contents of "~/.purple/certificates/x509/tls_peers/", from the properly working
x86 machine to the target system.
The SSL error still persists after these. Any help in resolving this
issue would be highly appreciated. Thanks & Regards, Roy
and a certain reply post read:
-----Original Message----- From: Mark -----er [mailto:ma--#-----nt.net] Sent: Monday, June 11, 2012 8:42 PM To: Roy
Samuel (RB--/---4) Cc: support#pidgin.im Subject: Re: Error: SSL peer
presented an invalid certificate | running on ARM-ubuntu-11.10
You could try to figure out why Pidgin thinks the certificate is
invalid by running with "pidgin -d" to show lots of debug output (I'm
a little surprised the error message you're seeing doesn't already say
why it's invalid). The two most likely reasons I can think of are
either the clock on your ARM computer is wrong, or Pidgin still can't
find the CA certificates.
On changing the date on the target ARM board to the current date, the error was resolved!