How to disable cleartext authentication mechanisms in the amqp configuration ?
without going into TLS details, you must:
Disable normal authentication, by stop using non-TLS port 5672 by leaving config entry empty {tcp_listeners, []}
Enable TLS by adding config entry {ssl_listeners, [5671]}
Further configure TLS support details on server, like
{ssl_options, [{cacertfile,"/path/to/ca_certificate_bundle.pem"},
{certfile,"/path/to/server_certificate.pem"},
{keyfile,"/path/to/server_key.pem"},
{depth, 2},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}
Make sure your client API supports TLS for peer verification (as well as securing the traffic). Here you have the .NET and Java client APIs details.
Notes:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With