topic Re: Disable cleartext authentication mechanisms in the AMQP configuration. in Product Forum

Disable cleartext authentication mechanisms in the AMQP configuration.

CharlesTrott1 — Wed, 06 Oct 2021 17:15:19 GMT

Our security scans have shown that there's a need to disable the AMQP cleartext authentication method inside of RabbitMQ.

Has this been performed by the product or professional services team?
Is this configuration supported?
Has there been any lessons learned on how to go about it?
Has anyone else performed this switch over and successfully continued using Decipher components?

For reference RabbitMQ's article on this is here (TLS Support — RabbitMQ)

Re: Disable cleartext authentication mechanisms in the AMQP configuration.

Ben.Lyons1 — Thu, 07 Oct 2021 07:54:11 GMT

Hi Charles,

Thanks for getting in touch.

Are you able to raise a support ticket so we can discuss the details of the security tests carried out and provide the appropriate advice?

Thanks

Ben

Re: Disable cleartext authentication mechanisms in the AMQP configuration.

LukasRamasauskas — Wed, 20 Jul 2022 07:52:48 GMT

Hi, Charles,

We have same issue and finally we received the reply from BP support that it's not possible to switch from 5672 to secure 5671 port with certificates included.

It was mentioned by BP that:

Decipher web client does support only the default port (5672) of RabbitMQ
Decipher web client does NOT currently support any other custom ports of RabbitMQ

This may be useful to look into: Vulnerability in RabbitMQ : disable cleartext authentication mechanisms in the amqp configuration