cancel
Showing results for 
Search instead for 
Did you mean: 

Disable cleartext authentication mechanisms in the AMQP configuration.

CharlesTrott1
Level 2

Our security scans have shown that there's a need to disable the AMQP cleartext authentication method inside of RabbitMQ.

  • Has this been performed by the product or professional services team? 
  • Is this configuration supported?
  • Has there been any lessons learned on how to go about it?
  • Has anyone else performed this switch over and successfully continued using Decipher components?

For reference RabbitMQ's article on this is here (TLS Support — RabbitMQ)

2 REPLIES 2

Ben.Lyons1
Staff
Staff
Hi Charles,

Thanks for getting in touch.

Are you able to raise a support ticket so we can discuss the details of the security tests carried out and provide the appropriate advice?

Thanks

Ben
Ben Lyons
Principal Product Specialist - Decipher
SS&C Blue Prism
UK based

Hi, Charles,

We have same issue and finally we received the reply from BP support that it's not possible to switch from 5672 to secure 5671 port with certificates included.

It was mentioned  by BP that:

  • Decipher web client does support only the default port (5672) of RabbitMQ
  • Decipher web client does NOT currently support any other custom ports of RabbitMQ


This may be useful to look into: Vulnerability in RabbitMQ : disable cleartext authentication mechanisms in the amqp configuration