Add SSL support to auto-configuration for Rabbit Streams #43932

Open
rrileyca opened this issue Jan 22, 2025 · 2 comments
rrileyca commented Jan 22, 2025

Spring Boot version: 3.4.1

I have a very basic setup to use SuperStreams. My code works fine if I don't try to use TLS. The Exchanges/Queues get declared, and I am able to publish/consume. I am using Integration code similar to the following:

    IntegrationFlowBuilder flowBuilder = IntegrationFlow.from(RabbitStream.inboundAdapter(env)
            .messageConverter(myConverter)
            .superStream("my-stream-name", "decrypt"))
            .get();

Trying to use RabbitMQ streams with TLS enabled, I set a configuration like so:

spring:
  rabbitmq:
    host: my-rabbit.com
    port: 5671
    virtual-host: some-vhost
    username: some-user
    password: some-password
    ssl:
      enabled: true
    stream:
      name: some-Stream
      host: my-rabbit.com
      port: 5551
      virtual-host: some-vhost
      username: some-user
      password: some-password

The Spring context fails to start with this truncated error:

Caused by: com.rabbitmq.stream.impl.TimeoutStreamException: Could not get response in 10000 ms from node rabbitmq-amqp.dev.cyber.burrito.cloud:5551

On RabbitMQ, an error like below appears:

2025-01-22 16:56:43.328979+00:00 [notice] <0.20577151.0> TLS server: In state hello at tls_record.erl:561 generated SERVER ALERT: Fatal - Unexpected Message
2025-01-22 16:56:43.328979+00:00 [notice] <0.20577151.0>  - {unsupported_record_type,0}

This led me to believe the TLS_HELLO was failing. After searching through the RabbitStreamConfiguration code in Spring Boot, I noticed Spring does not enable the com.rabbitmq.stream.Environment's .tls() method anywhere. To work around this, I register a customizer like so:

    @Bean
    @ConditionalOnProperty(value = "spring.rabbitmq.ssl.enabled", havingValue = "true")
    EnvironmentBuilderCustomizer environmentBuilderCustomizer() {
        return builder -> {
            builder.tls();
        };
    }

This works, but I think it's a mistake/bug that TLS can't be enabled via properties. Am I missing something?

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jan 22, 2025
@wilkinsona wilkinsona changed the title RabbitMQ Streams doesn't support TLS Add SSL support to auto-configuration for Rabbit Streams Jan 22, 2025
wilkinsona (Member) commented

It's not a mistake/bug, but a missing feature. We can use this issue to track adding it. In the meantime, your EnvironmentBuilderCustomizer is a good workaround.

When we add SSL support, we'll have to look at supporting SSL bundles with Rabbit Streams as we do with regular Rabbit. It looks like this will require adapting an SslBundle to an io.netty.handler.ssl.SslContext.

@wilkinsona wilkinsona added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 22, 2025
@wilkinsona wilkinsona added this to the 3.x milestone Jan 22, 2025
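
Added example, not part of the issue thread and not Spring Boot's own code: one way to adapt an SslBundle to an io.netty.handler.ssl.SslContext inside the EnvironmentBuilderCustomizer workaround, so the stream connection uses an explicit trust store instead of a bare `builder.tls()`. The bundle name `rabbit-stream` and the class name `RabbitStreamTlsConfiguration` are assumptions.

```java
import java.util.Arrays;
import javax.net.ssl.SSLException;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import org.springframework.boot.autoconfigure.amqp.EnvironmentBuilderCustomizer;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslBundles;
import org.springframework.boot.ssl.SslOptions;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration(proxyBeanMethods = false)
class RabbitStreamTlsConfiguration {

    // Assumption: a bundle with this name is declared under spring.ssl.bundle.*
    private static final String BUNDLE_NAME = "rabbit-stream";

    @Bean
    @ConditionalOnProperty(value = "spring.rabbitmq.ssl.enabled", havingValue = "true")
    EnvironmentBuilderCustomizer streamTlsCustomizer(SslBundles sslBundles) throws SSLException {
        // Build the context once at startup so a bad bundle fails fast
        SslContext sslContext = toNettyContext(sslBundles.getBundle(BUNDLE_NAME));
        return (builder) -> builder.tls()
                .sslContext(sslContext)
                // Keep the broker certificate bound to the host we connect to
                .hostnameVerification(true)
                .environmentBuilder();
    }

    // Adapts Spring Boot's SslBundle to the Netty SslContext the stream client expects
    static SslContext toNettyContext(SslBundle bundle) throws SSLException {
        SslContextBuilder builder = SslContextBuilder.forClient()
                // Key managers matter only when the broker asks for a client certificate
                .keyManager(bundle.getManagers().getKeyManagerFactory())
                .trustManager(bundle.getManagers().getTrustManagerFactory());
        SslOptions options = bundle.getOptions();
        if (options.getCiphers() != null) {
            builder.ciphers(Arrays.asList(options.getCiphers()));
        }
        if (options.getEnabledProtocols() != null) {
            builder.protocols(options.getEnabledProtocols());
        }
        return builder.build();
    }
}
```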