About This Guide

This guide covers TLS (SSL) connections to RabbitMQ with Langohr.

This work is licensed under a Creative Commons Attribution 3.0 Unported License (including images and stylesheets). The source is available on GitHub.

What version of Langohr does this guide cover?

This guide covers Langohr 3.6.x.

TLS Support in RabbitMQ

RabbitMQ versions 2.x and 3.x support TLS/SSL on Erlang R16B01 or later. Using the most recent Erlang version (e.g. 17.5) is recommended.

To use TLS with RabbitMQ, you need a few things:

  • A client certificate (public key) and key (private key)
  • A server certificate and key
  • RabbitMQ configured to use TLS
  • If the server certificate is self-signed, the issuing CA's certificate

Generating Certificates For Development

The easiest way to generate a CA, server and client keys and certificates is by using tls-gen. It requires openssl and make to be available.

See RabbitMQ TLS/SSL guide for more information about TLS support on various platforms.

Enabling TLS/SSL Support in RabbitMQ

TLS/SSL support is enabled using two arguments:

  • ssl_listeners (a list of ports TLS connections will use)
  • ssl_options (a proplist of options such as CA certificate file location, server key file location, and so on)

An example:

[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"/path/to/testca/cacert.pem"},
                    {certfile,"/path/to/server/cert.pem"},
                    {keyfile,"/path/to/server/key.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]}
].

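Note that all paths must be absolute (no ~ and other shell-isms) and be readable by the OS user RabbitMQ uses.

With verify set to verify_peer and fail_if_no_peer_cert set to false, as in the example above, the server validates a client certificate when one is presented but still accepts clients that present none. Set fail_if_no_peer_cert to true to require a client certificate.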

Learn more in the RabbitMQ TLS/SSL guide.

Connecting to RabbitMQ with Langohr Using TLS/SSL

TBD

  • :ssl (a boolean) which, when set to true, enables TLS on the connection and switches it to the TLS port (5671)
  • :ssl-context (a javax.net.ssl.SSLContext instance) which provides the TLS private key and certificate information, and more

An example:

(ns langohr.examples
  (:require [langohr.core :as rmq]))

;; connect to localhost:5671 using TLS (SSLv3)
(rmq/connect {:ssl true})

If you configure RabbitMQ to accept TLS connections on a separate port, you need to specify all three of :ssl, :ssl-context, and :port.

TBD: a convenient way to create an SSL context
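One way to build the :ssl-context value with plain JDK classes, as an added example that is not Langohr's own code and not from the original guide. It assumes the client certificate and key are bundled as a PKCS12 file and the CA certificate is a PEM file; the namespace name, the client path and the password are placeholders.

```clojure
(ns langohr.examples.tls
  (:require [clojure.java.io :as io]
            [langohr.core :as rmq])
  (:import [java.security KeyStore]
           [java.security.cert CertificateFactory]
           [javax.net.ssl KeyManagerFactory SSLContext TrustManagerFactory]))

(defn trust-managers
  "Trust only server certificates issued by the CA in the given PEM file."
  [ca-pem-path]
  (with-open [in (io/input-stream ca-pem-path)]
    (let [ca (.generateCertificate (CertificateFactory/getInstance "X.509") in)
          ks (doto (KeyStore/getInstance (KeyStore/getDefaultType))
               (.load nil nil)                       ; start with an empty store
               (.setCertificateEntry "rabbitmq-ca" ca))]
      (.getTrustManagers
        (doto (TrustManagerFactory/getInstance (TrustManagerFactory/getDefaultAlgorithm))
          (.init ks))))))

(defn key-managers
  "Load the client certificate and private key from a PKCS12 bundle."
  [p12-path ^String password]
  (with-open [in (io/input-stream p12-path)]
    (let [pw (.toCharArray password)
          ks (doto (KeyStore/getInstance "PKCS12")
               (.load in pw))]
      (.getKeyManagers
        (doto (KeyManagerFactory/getInstance (KeyManagerFactory/getDefaultAlgorithm))
          (.init ks pw))))))

(defn tls-context
  "SSLContext that presents the client certificate and validates the server
  certificate chain against the CA. Hostname verification is not set up here."
  [{:keys [ca-pem client-p12 client-p12-password]}]
  (doto (SSLContext/getInstance "TLSv1.2")
    (.init (key-managers client-p12 client-p12-password)
           (trust-managers ca-pem)
           nil)))                                    ; nil = default SecureRandom

(defn connect-tls
  "Placeholder paths and password (assumptions): substitute your own."
  []
  (rmq/connect {:ssl         true
                :port        5671
                :ssl-context (tls-context
                               {:ca-pem              "/path/to/testca/cacert.pem"
                                :client-p12          "/path/to/client/keycert.p12"
                                :client-p12-password "changeit"})}))
```

Because the trust store holds only the one CA, a connection to a server whose certificate was issued by any other authority fails during the handshake.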

Tell Us What You Think!

Please take a moment to tell us what you think about this guide on Twitter or the Clojure RabbitMQ mailing list.

Let us know what was unclear or what has not been covered. Maybe you do not like the guide style or grammar or discover spelling mistakes. Reader feedback is key to making the documentation better.
