This patch adds a SSL/TLS listener to RabbitMQ without disrupting the existing
plaintext TCP listener. Various services that use RabbitMQ will have the
option to encrypt messaging traffic with this change. Documentation is
included for this change.
By default, it will create a self-signed certificate for the user, but users
have the option to specify their own existing certificates as well.
This makes it easier to bring RabbitMQ (and the services which talk to it)
into compliance with PCI DSS 3.1's Requirement 2.2.3.
In addition, this change is recommended within the OpenStack Security Guide.
Reviewed: https:/ /review. openstack. org/223717 /git.openstack. org/cgit/ openstack/ openstack- ansible/ commit/ ?id=4a1d412f8cd 715f2829867026b 64edabf97ad521
Committed: https:/
Submitter: Jenkins
Branch: master
commit 4a1d412f8cd715f 2829867026b64ed abf97ad521
Author: Major Hayden <email address hidden>
Date: Tue Sep 15 09:52:19 2015 -0500
Add SSL/TLS listener to RabbitMQ
This patch adds a SSL/TLS listener to RabbitMQ without disrupting the existing
plaintext TCP listener. Various services that use RabbitMQ will have the
option to encrypt messaging traffic with this change. Documentation is
included for this change.
By default, it will create a self-signed certificate for the user, but users
have the option to specify their own existing certificates as well.
This makes it easier to bring RabbitMQ (and the services which talk to it)
into compliance with PCI DSS 3.1's Requirement 2.2.3.
In addition, this change is recommended within the OpenStack Security Guide.
Closes-bug: 1496001
Change-Id: I0d29cbb6e963b2 4f77a8375eba8a8 c6a558aaf81