Disable cleartext authentication mechanisms in the AMQP configuration.
06-10-21 06:15 PM
Our security scans have shown that there's a need to disable the AMQP cleartext authentication method inside of RabbitMQ.
- Has this been performed by the product or professional services team?
- Is this configuration supported?
- Have there been any lessons learned on how to go about it?
- Has anyone else performed this switchover and successfully continued using Decipher components?
For reference, RabbitMQ's article on this is here (TLS Support — RabbitMQ)
07-10-21 08:54 AM
Thanks for getting in touch.
Are you able to raise a support ticket so we can discuss the details of the security tests carried out and provide the appropriate advice?
Thanks
Ben
Principal Product Specialist - Decipher
SS&C Blue Prism
UK based
20-07-22 08:52 AM
Hi, Charles,
We have the same issue, and we finally received a reply from BP support that it's not possible to switch from port 5672 to the secure port 5671 with certificates included.
It was mentioned by BP that:
- The Decipher web client supports only the default port (5672) of RabbitMQ
- The Decipher web client does NOT currently support any other custom ports of RabbitMQ
This may be useful to look into: Vulnerability in RabbitMQ: disable cleartext authentication mechanisms in the amqp configuration
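
An added example, not part of the thread and not Blue Prism or RabbitMQ code: one way to confirm what a finding like this refers to is to read the mechanisms list a broker advertises in its AMQP 0-9-1 Connection.Start frame and flag PLAIN and AMQPLAIN when the listener is not TLS. The function names are hypothetical and the sample frame is constructed for offline use.

```python
import struct

# RabbitMQ's built-in password mechanisms; both send the password unhashed.
CLEARTEXT_MECHANISMS = {"PLAIN", "AMQPLAIN"}

def parse_connection_start(frame: bytes) -> list[str]:
    """Return the SASL mechanisms advertised in an AMQP 0-9-1 Connection.Start frame."""
    try:
        ftype, channel, size = struct.unpack(">BHI", frame[:7])
        if ftype != 1 or channel != 0:
            raise ValueError("not a method frame on channel 0")
        if len(frame) < 7 + size + 1 or frame[7 + size] != 0xCE:
            raise ValueError("truncated frame or missing frame-end octet")
        payload = frame[7:7 + size]
        class_id, method_id = struct.unpack(">HH", payload[:4])
        if (class_id, method_id) != (10, 10):
            raise ValueError("not Connection.Start")
        pos = 6  # skip class-id, method-id, version-major, version-minor
        (table_len,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4 + table_len  # skip the server-properties table
        (mech_len,) = struct.unpack(">I", payload[pos:pos + 4])
    except struct.error as exc:
        raise ValueError("truncated Connection.Start payload") from exc
    mechs = payload[pos + 4:pos + 4 + mech_len]
    if len(mechs) != mech_len:
        raise ValueError("mechanisms field runs past end of payload")
    return mechs.decode("ascii").split()

def cleartext_exposure(frame: bytes, tls: bool) -> list[str]:
    """Advertised mechanisms whose password would be readable on the wire."""
    mechs = parse_connection_start(frame)
    if tls:
        return []  # same mechanisms, but the transport is encrypted
    return sorted(m for m in mechs if m in CLEARTEXT_MECHANISMS)

def build_sample_frame(mechanisms: str) -> bytes:
    """Constructed Connection.Start frame (empty server-properties) for testing."""
    payload = struct.pack(">HHBB", 10, 10, 0, 9)
    payload += struct.pack(">I", 0)
    payload += struct.pack(">I", len(mechanisms)) + mechanisms.encode("ascii")
    payload += struct.pack(">I", 5) + b"en_US"
    return struct.pack(">BHI", 1, 0, len(payload)) + payload + b"\xce"

if __name__ == "__main__":
    sample = build_sample_frame("AMQPLAIN PLAIN")
    print("plain TCP listener:", cleartext_exposure(sample, tls=False))
    print("TLS listener:", cleartext_exposure(sample, tls=True))
```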
