[Questions] help with amqps connection issue

[PatrickTague]

Community Support Policy

• I have read RabbitMQ's Community Support Policy
• I run RabbitMQ 4.x, the only series currently covered by community support
• I promise to provide all relevant information (versions, logs from all nodes, rabbitmq-diagnostics output, detailed reproduction steps)

RabbitMQ version used

4.1.0

Erlang version used

27.3.x

Operating system (distribution) used

Ubuntu 24.04

How is RabbitMQ deployed?

Debian package

rabbitmq-diagnostics status output

See https://www.rabbitmq.com/docs/cli to learn how to use rabbitmq-diagnostics

Status of node rabbit@mews ...
[]
Runtime

OS PID: 3019
OS: Linux
Uptime (seconds): 2892
Is under maintenance?: false
RabbitMQ version: 4.1.0
RabbitMQ release series support status: see https://www.rabbitmq.com/release-information
Node name: rabbit@mews
Erlang configuration: Erlang/OTP 27 [erts-15.2.6] [source] [64-bit] [smp:1:1] [ds:1:1:10] [async-threads:1] [jit:ns]
Crypto library: OpenSSL 3.0.13 30 Jan 2024
Erlang processes: 302 used, 1048576 limit
Scheduler run queue: 1
Cluster heartbeat timeout (net_ticktime): 60

Plugins

Enabled plugin file: /etc/rabbitmq/enabled_plugins
Enabled plugins:

 * rabbitmq_auth_mechanism_ssl

Data directory

Node data directory: /var/lib/rabbitmq/mnesia/rabbit@mews
Raft data directory: /var/lib/rabbitmq/mnesia/rabbit@mews/quorum/rabbit@mews

Config files

 * /etc/rabbitmq/rabbitmq.conf

Log file(s)

 * /var/log/rabbitmq/rabbit.log
 * <stdout>

Alarms

(none)

Tags

(none)

Memory

Total memory used: 0.1041 gb
Calculation strategy: rss
Memory high watermark setting: 0.6 of available memory, computed to: 1.2382 gb

reserved_unallocated: 0.0432 gb (41.47 %)
code: 0.0215 gb (20.64 %)
other_proc: 0.0168 gb (16.15 %)
other_system: 0.0149 gb (14.35 %)
allocated_unused: 0.0034 gb (3.3 %)
other_ets: 0.0028 gb (2.65 %)
atom: 0.0011 gb (1.05 %)
binary: 0.0002 gb (0.18 %)
mnesia: 0.0001 gb (0.07 %)
metrics: 0.0001 gb (0.06 %)
metadata_store: 0.0 gb (0.03 %)
msg_index: 0.0 gb (0.02 %)
plugins: 0.0 gb (0.01 %)
quorum_ets: 0.0 gb (0.0 %)
metadata_store_ets: 0.0 gb (0.0 %)
quorum_queue_procs: 0.0 gb (0.0 %)
quorum_queue_dlx_procs: 0.0 gb (0.0 %)
stream_queue_procs: 0.0 gb (0.0 %)
stream_queue_replica_reader_procs: 0.0 gb (0.0 %)
connection_readers: 0.0 gb (0.0 %)
connection_writers: 0.0 gb (0.0 %)
connection_channels: 0.0 gb (0.0 %)
connection_other: 0.0 gb (0.0 %)
queue_procs: 0.0 gb (0.0 %)
stream_queue_coordinator_procs: 0.0 gb (0.0 %)
mgmt_db: 0.0 gb (0.0 %)

File Descriptors

Total: 0, limit: 32671

Free Disk Space

Low free disk space watermark: 0.05 gb
Free disk space: 7.7126 gb

Totals

Connection count: 0
Queue count: 1
Virtual host count: 1

Listeners

Interface: [::], port: 25672, protocol: clustering, purpose: inter-node and CLI tool communication
Interface: [::], port: 5671, protocol: amqp/ssl, purpose: AMQP 0-9-1 and AMQP 1.0 over TLS

Logs from node 1 (with sensitive values edited out)

See https://www.rabbitmq.com/docs/logging to learn how to collect logs

2025-04-29 22:56:44.152257+00:00 [info] <0.218.0>
2025-04-29 22:56:44.152257+00:00 [info] <0.218.0>  Starting RabbitMQ 4.1.0 on Erlang 27.3.3 [jit]
2025-04-29 22:56:44.152257+00:00 [info] <0.218.0>  Copyright (c) 2007-2025 Broadcom Inc and/or its subsidiaries
2025-04-29 22:56:44.152257+00:00 [info] <0.218.0>  Licensed under the MPL 2.0. Website: https://rabbitmq.com
2025-04-29 22:56:44.155497+00:00 [info] <0.218.0>
2025-04-29 22:56:44.155497+00:00 [info] <0.218.0>  node           : rabbit@mews
2025-04-29 22:56:44.155497+00:00 [info] <0.218.0>  home dir       : /var/lib/rabbitmq
2025-04-29 22:56:44.155497+00:00 [info] <0.218.0>  config file(s) : /etc/rabbitmq/rabbitmq.conf
2025-04-29 22:56:44.155497+00:00 [info] <0.218.0>  cookie hash    : xxxxxxxx
2025-04-29 22:56:44.155497+00:00 [info] <0.218.0>  log(s)         : /var/log/rabbitmq/rabbit.log
2025-04-29 22:56:44.155497+00:00 [info] <0.218.0>                 : <stdout>
2025-04-29 22:56:44.155497+00:00 [info] <0.218.0>  data dir       : /var/lib/rabbitmq/mnesia/rabbit@mews
2025-04-29 22:56:44.301515+00:00 [info] <0.218.0> Running boot step pre_boot defined by app rabbit
2025-04-29 22:56:44.301587+00:00 [info] <0.218.0> Running boot step rabbit_global_counters defined by app rabbit
2025-04-29 22:56:44.302058+00:00 [info] <0.218.0> Running boot step rabbit_osiris_metrics defined by app rabbit
2025-04-29 22:56:44.302220+00:00 [info] <0.218.0> Running boot step rabbit_core_metrics defined by app rabbit
2025-04-29 22:56:44.302474+00:00 [info] <0.218.0> Running boot step rabbit_alarm defined by app rabbit
2025-04-29 22:56:44.321736+00:00 [info] <0.415.0> Memory high watermark set to 1180 MiB (1238229811 bytes) of 1968 MiB (2063716352 bytes) total
2025-04-29 22:56:44.333958+00:00 [info] <0.417.0> Enabling free disk space monitoring (disk free space: 7712567296, total memory: 2063716352)
2025-04-29 22:56:44.334024+00:00 [info] <0.417.0> Disk free limit set to 50MB
2025-04-29 22:56:44.339614+00:00 [info] <0.218.0> Running boot step code_server_cache defined by app rabbit
2025-04-29 22:56:44.339715+00:00 [info] <0.218.0> Running boot step file_handle_cache defined by app rabbit
2025-04-29 22:56:44.354804+00:00 [info] <0.420.0> Limiting to approx 32671 file handles (29401 sockets)
2025-04-29 22:56:44.355657+00:00 [info] <0.421.0> FHC read buffering: OFF
2025-04-29 22:56:44.355709+00:00 [info] <0.421.0> FHC write buffering: ON
2025-04-29 22:56:44.356840+00:00 [info] <0.218.0> Running boot step worker_pool defined by app rabbit
2025-04-29 22:56:44.357522+00:00 [info] <0.324.0> Will use 1 processes for default worker pool
2025-04-29 22:56:44.357579+00:00 [info] <0.324.0> Starting worker pool 'worker_pool' with 1 processes in it
2025-04-29 22:56:44.358015+00:00 [info] <0.218.0> Running boot step rabbit_registry defined by app rabbit
2025-04-29 22:56:44.358486+00:00 [info] <0.218.0> Running boot step database defined by app rabbit
2025-04-29 22:56:44.360719+00:00 [info] <0.218.0> Peer discovery: configured backend: rabbit_peer_discovery_classic_config
2025-04-29 22:56:44.375359+00:00 [info] <0.218.0> Waiting for Mnesia tables for 30000 ms, 9 retries left
2025-04-29 22:56:44.377807+00:00 [info] <0.218.0> Successfully synced tables from a peer
2025-04-29 22:56:44.377888+00:00 [info] <0.218.0> Waiting for Mnesia tables for 30000 ms, 9 retries left
2025-04-29 22:56:44.378026+00:00 [info] <0.218.0> Successfully synced tables from a peer
2025-04-29 22:56:44.390400+00:00 [info] <0.218.0> Waiting for Mnesia tables for 30000 ms, 9 retries left
2025-04-29 22:56:44.390596+00:00 [info] <0.218.0> Successfully synced tables from a peer
2025-04-29 22:56:44.390743+00:00 [info] <0.218.0> Running boot step tracking_metadata_store defined by app rabbit
2025-04-29 22:56:44.390842+00:00 [info] <0.439.0> Setting up a table for connection tracking on this node: tracked_connection
2025-04-29 22:56:44.390899+00:00 [info] <0.439.0> Setting up a table for per-vhost connection counting on this node: tracked_connection_per_vhost
2025-04-29 22:56:44.390961+00:00 [info] <0.439.0> Setting up a table for per-user connection counting on this node: tracked_connection_per_user
2025-04-29 22:56:44.391011+00:00 [info] <0.439.0> Setting up a table for channel tracking on this node: tracked_channel
2025-04-29 22:56:44.391054+00:00 [info] <0.439.0> Setting up a table for channel tracking on this node: tracked_channel_per_user
2025-04-29 22:56:44.391125+00:00 [info] <0.218.0> Running boot step networking_metadata_store defined by app rabbit
2025-04-29 22:56:44.391217+00:00 [info] <0.218.0> Running boot step feature_flags defined by app rabbit
2025-04-29 22:56:44.392812+00:00 [info] <0.218.0> Running boot step codec_correctness_check defined by app rabbit
2025-04-29 22:56:44.392882+00:00 [info] <0.218.0> Running boot step external_infrastructure defined by app rabbit
2025-04-29 22:56:44.393216+00:00 [info] <0.218.0> Running boot step rabbit_event defined by app rabbit
2025-04-29 22:56:44.393918+00:00 [info] <0.218.0> Running boot step rabbit_auth_mechanism_amqplain defined by app rabbit
2025-04-29 22:56:44.394071+00:00 [info] <0.218.0> Running boot step rabbit_auth_mechanism_anonymous defined by app rabbit
2025-04-29 22:56:44.394172+00:00 [info] <0.218.0> Running boot step rabbit_auth_mechanism_cr_demo defined by app rabbit
2025-04-29 22:56:44.394375+00:00 [info] <0.218.0> Running boot step rabbit_auth_mechanism_plain defined by app rabbit
2025-04-29 22:56:44.394503+00:00 [info] <0.218.0> Running boot step rabbit_exchange_type_direct defined by app rabbit
2025-04-29 22:56:44.394729+00:00 [info] <0.218.0> Running boot step rabbit_exchange_type_fanout defined by app rabbit
2025-04-29 22:56:44.394853+00:00 [info] <0.218.0> Running boot step rabbit_exchange_type_headers defined by app rabbit
2025-04-29 22:56:44.394957+00:00 [info] <0.218.0> Running boot step rabbit_exchange_type_local_random defined by app rabbit
2025-04-29 22:56:44.395010+00:00 [info] <0.218.0> Running boot step rabbit_exchange_type_topic defined by app rabbit
2025-04-29 22:56:44.395190+00:00 [info] <0.218.0> Running boot step rabbit_priority_queue defined by app rabbit
2025-04-29 22:56:44.395221+00:00 [info] <0.218.0> Priority queues enabled, real BQ is rabbit_variable_queue
2025-04-29 22:56:44.396106+00:00 [info] <0.218.0> Running boot step rabbit_auth_mechanism_ssl defined by app rabbitmq_auth_mechanism_ssl
2025-04-29 22:56:44.396315+00:00 [info] <0.218.0> Running boot step kernel_ready defined by app rabbit
2025-04-29 22:56:44.396346+00:00 [info] <0.218.0> Running boot step pg_local_amqp_connection defined by app rabbit
2025-04-29 22:56:44.404496+00:00 [info] <0.218.0> Running boot step pg_local_amqp_session defined by app rabbit
2025-04-29 22:56:44.404713+00:00 [info] <0.218.0> Running boot step rabbit_sysmon_minder defined by app rabbit
2025-04-29 22:56:44.405010+00:00 [info] <0.218.0> Running boot step rabbit_epmd_monitor defined by app rabbit
2025-04-29 22:56:44.406620+00:00 [info] <0.448.0> epmd monitor knows us, inter-node communication (distribution) port: 25672
2025-04-29 22:56:44.407206+00:00 [info] <0.218.0> Running boot step guid_generator defined by app rabbit
2025-04-29 22:56:44.410854+00:00 [info] <0.218.0> Running boot step rabbit_node_monitor defined by app rabbit
2025-04-29 22:56:44.412088+00:00 [info] <0.452.0> Starting rabbit_node_monitor (in ignore mode)
2025-04-29 22:56:44.412267+00:00 [info] <0.218.0> Running boot step delegate_sup defined by app rabbit
2025-04-29 22:56:44.412737+00:00 [info] <0.218.0> Running boot step rabbit_fifo_dlx_sup defined by app rabbit
2025-04-29 22:56:44.412887+00:00 [info] <0.218.0> Running boot step core_initialized defined by app rabbit
2025-04-29 22:56:44.412922+00:00 [info] <0.218.0> Running boot step rabbit_channel_tracking_handler defined by app rabbit
2025-04-29 22:56:44.413101+00:00 [info] <0.218.0> Running boot step rabbit_classic_queue defined by app rabbit
2025-04-29 22:56:44.413161+00:00 [info] <0.218.0> Running boot step rabbit_connection_tracking_handler defined by app rabbit
2025-04-29 22:56:44.413201+00:00 [info] <0.218.0> Running boot step rabbit_definitions_hashing defined by app rabbit
2025-04-29 22:56:44.413239+00:00 [info] <0.218.0> Running boot step rabbit_exchange_parameters defined by app rabbit
2025-04-29 22:56:44.424480+00:00 [info] <0.218.0> Running boot step rabbit_policies defined by app rabbit
2025-04-29 22:56:44.424736+00:00 [info] <0.218.0> Running boot step rabbit_policy defined by app rabbit
2025-04-29 22:56:44.424795+00:00 [info] <0.218.0> Running boot step rabbit_quorum_memory_manager defined by app rabbit
2025-04-29 22:56:44.424844+00:00 [info] <0.218.0> Running boot step rabbit_quorum_queue defined by app rabbit
2025-04-29 22:56:44.424923+00:00 [info] <0.218.0> Running boot step rabbit_stream_coordinator defined by app rabbit
2025-04-29 22:56:44.425274+00:00 [info] <0.218.0> Running boot step rabbit_vhost_limit defined by app rabbit
2025-04-29 22:56:44.425521+00:00 [info] <0.218.0> Running boot step recovery defined by app rabbit
2025-04-29 22:56:44.447485+00:00 [info] <0.480.0> Making sure data directory '/var/lib/rabbitmq/mnesia/rabbit@mews/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L' for vhost '/' exists
2025-04-29 22:56:44.458799+00:00 [info] <0.480.0> Starting message stores for vhost '/'
2025-04-29 22:56:44.462947+00:00 [info] <0.480.0> Started message store of type transient for vhost '/'
2025-04-29 22:56:44.469297+00:00 [info] <0.480.0> Started message store of type persistent for vhost '/'
2025-04-29 22:56:44.469574+00:00 [info] <0.480.0> Recovering 0 queues of type rabbit_classic_queue took 20ms
2025-04-29 22:56:44.469626+00:00 [info] <0.480.0> Recovering 0 queues of type rabbit_quorum_queue took 0ms
2025-04-29 22:56:44.469677+00:00 [info] <0.480.0> Recovering 0 queues of type rabbit_stream_queue took 0ms
2025-04-29 22:56:44.470829+00:00 [info] <0.218.0> Running boot step empty_db_check defined by app rabbit
2025-04-29 22:56:44.470881+00:00 [info] <0.218.0> Will not seed default virtual host and user: have definitions to load...
2025-04-29 22:56:44.471007+00:00 [info] <0.218.0> Running boot step rabbit_observer_cli defined by app rabbit
2025-04-29 22:56:44.471201+00:00 [info] <0.218.0> Running boot step rabbit_core_metrics_gc defined by app rabbit
2025-04-29 22:56:44.471664+00:00 [info] <0.218.0> Running boot step background_gc defined by app rabbit
2025-04-29 22:56:44.471852+00:00 [info] <0.218.0> Running boot step routing_ready defined by app rabbit
2025-04-29 22:56:44.471887+00:00 [info] <0.218.0> Running boot step pre_flight defined by app rabbit
2025-04-29 22:56:44.472002+00:00 [info] <0.218.0> Running boot step notify_cluster defined by app rabbit
2025-04-29 22:56:44.472116+00:00 [info] <0.218.0> Running boot step networking defined by app rabbit
2025-04-29 22:56:44.472483+00:00 [info] <0.218.0> Running boot step rabbit_quorum_queue_periodic_membership_reconciliation defined by app rabbit
2025-04-29 22:56:44.473274+00:00 [info] <0.452.0> rabbit on node 'rabbit@mews-gpu' up
2025-04-29 22:56:44.474521+00:00 [info] <0.218.0> Running boot step definition_import_worker_pool defined by app rabbit
2025-04-29 22:56:44.474669+00:00 [info] <0.324.0> Starting worker pool 'definition_import_pool' with 1 processes in it
2025-04-29 22:56:44.476968+00:00 [info] <0.218.0> Running boot step cluster_name defined by app rabbit
2025-04-29 22:56:44.486999+00:00 [info] <0.523.0> Resetting node maintenance status
2025-04-29 22:56:44.492041+00:00 [info] <0.523.0> Ready to start client connection listeners
2025-04-29 22:56:44.620648+00:00 [info] <0.545.0> started TLS (SSL) listener on [::]:5671
2025-04-29 22:56:44.772211+00:00 [info] <0.523.0> Server startup complete; 1 plugins started.
2025-04-29 22:56:44.772211+00:00 [info] <0.523.0>  * rabbitmq_auth_mechanism_ssl
2025-04-29 22:56:44.889310+00:00 [info] <0.10.0> Time to start RabbitMQ: 4448 ms
2025-04-29 22:57:07.529879+00:00 [info] <0.452.0> rabbit on node 'rabbit@mews-gpu' down
2025-04-29 22:57:07.553591+00:00 [info] <0.452.0> node 'rabbit@mews-gpu' down: connection_closed
2025-04-29 22:57:10.570145+00:00 [info] <0.452.0> node 'rabbit@mews-gpu' up
2025-04-29 22:57:11.605026+00:00 [info] <0.452.0> rabbit on node 'rabbit@mews-gpu' up
2025-04-29 23:16:11.241359+00:00 [info] <0.743.0> accepting AMQP connection 127.0.0.1:52380 -> 127.0.0.1:5671
2025-04-29 23:16:11.241526+00:00 [error] <0.743.0> closing AMQP connection <0.743.0> (127.0.0.1:52380 -> 127.0.0.1:5671, duration: '10s'):
2025-04-29 23:16:11.241526+00:00 [error] <0.743.0> {handshake_timeout,handshake}

Logs from node 2 (if applicable, with sensitive values edited out)

n/a

Logs from node 3 (if applicable, with sensitive values edited out)

n/a

rabbitmq.conf

See https://www.rabbitmq.com/docs/configure#config-location to learn how to find rabbitmq.conf file location

# config file for rabbitmq

cluster_name = mews.ini736

cluster_formation.peer_discovery_backend = classic_config
cluster_formation.classic_config.nodes.1 = rabbit@mews
cluster_formation.classic_config.nodes.2 = rabbit@mews-gpu

# ssl port
listeners.ssl.default = 5671

# disable non-tls connections
listeners.tcp = none

# byte transfer limit
socket_writer.gc_threshold = 10000000

# guest is only valid on localhost
loopback_users.guest = true

# tls params

listeners.ssl.1 = 5671
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
ssl_options.cacertfile = /etc/rabbitmq/ca.cert.pem
ssl_options.certfile = /etc/rabbitmq/mews.cert.pem
ssl_options.keyfile = /etc/rabbitmq/mews.key.pem
ssl_options.honor_cipher_order = true
ssl_options.honor_ecc_order = true
ssl_options.versions.1 = tlsv1.3
ssl_options.ciphers.1  = TLS_AES_256_GCM_SHA384
ssl_options.ciphers.2  = TLS_AES_128_GCM_SHA256
ssl_options.ciphers.3  = TLS_CHACHA20_POLY1305_SHA256
ssl_options.ciphers.4  = TLS_AES_128_CCM_SHA256
ssl_options.ciphers.5  = TLS_AES_128_CCM_8_SHA256

# peer cert-based authentication
auth_mechanisms.1 = EXTERNAL
ssl_cert_login_from   = common_name
ssl_handshake_timeout = 5000

password_hashing_module = rabbit_password_hashing_sha256

log.dir = /var/log/rabbitmq
log.file = rabbit.log

Steps to deploy RabbitMQ cluster

installed rabbitmq according to instructions on rabbitmq.com, following tutorials to incorporate TLS verification and relying on debian packages whenever possible.

Steps to reproduce the behavior in question

call amqp.connect on amqps endpoint using valid TLS credentials. this fails every time, after applying software update today.

advanced.config

n/a

Application code

n/a

Kubernetes deployment file

n/a

What problem are you trying to solve?

after logging in to update my ubuntu 24.04 server today, the message queue is no longer working. inspection of logs revealed the error trace

0|ini736   | Error: Socket closed abruptly during opening handshake
0|ini736   |     at TLSSocket.endWhileOpening (/home/tague/ini736/node_modules/amqplib/lib/connection.js:214:19)
0|ini736   |     at TLSSocket.emit (node:events:536:35)
0|ini736   |     at endReadableNT (node:internal/streams/readable:1698:12)
0|ini736   |     at process.processTicksAndRejections (node:internal/process/task_queues:90:21)

being report from a Node.js application using AMQP that has been working as expected since deployment in January. TLS credentials are valid, and i've verified connection between relevant machines using s_server/s_client as well as locally using s_client to connect to the AMQP instance (which appears as the final entries in the log included above).

this error occurred when the application called amqp.connect with the correct/valid TLS settings and credentials.

[michaelklishin]

As our Community Support Policy explicitly states, we won't troubleshoot TLS, OAuth 2 and LDAP for non-paying users.

There is a dedicated TLS troubleshooting guide that explains the methodology to use.

Node.js amqplib and RabbitMQ 4.1.0 Compatibility

In the 4.1.0 release notes under Breaking Changes and Compatibility Notes there is an explicit mention of a certain Node.js client that you must upgrade to the latest version or your application will not be able to connect to RabbitMQ 4.1.0 plus:

Initial AMQP 0-9-1 Maximum Frame Size

Before a client connection can negotiate a maximum frame size (frame_max), it must authenticate
successfully. Before the authenticated phase, a special lower frame_max value
is used.

With this release, the value was increased from the original 4096 bytes to 8192
to accommodate larger JWT tokens.

Clients that do override frame_max now must use values of 8192 bytes or greater.
We recommend using the default server value of 131072: do not override the frame_max
key in rabbitmq.conf and do not set it in the application code.

amqplib is a popular client library that has been using
a low frame_max default of 4096. Its users must upgrade to a compatible version
(starting with 0.10.7) or explicitly use a higher frame_max.

[PatrickTague]

thank you. i had read through all of these documents before posting, but i missed the one line about upgrading amqplib to 0.10.7. that solved the problem.