rabbitmq.conf

listeners.tcp.default = 5672
# disables non-TLS listeners, only TLS-enabled clients will be able to connect
# listeners.tcp = none

listeners.ssl.default = 5671

ssl_options.cacertfile = /etc/ssl/certs/smswithoutborders/server.pem
ssl_options.certfile   = /etc/ssl/certs/smswithoutborders/server.crt
ssl_options.keyfile    = /etc/ssl/certs/smswithoutborders/server.key
ssl_options.verify     = verify_peer
ssl_options.depth  = 2
ssl_options.fail_if_no_peer_cert = false

management.tcp.port = 15672
management.ssl.port       = 15671
management.ssl.cacertfile = /etc/ssl/certs/smswithoutborders/server.pem
management.ssl.certfile   = /etc/ssl/certs/smswithoutborders/server.crt
management.ssl.keyfile    = /etc/ssl/certs/smswithoutborders/server.key
## This key must only be used if private key is password protected
# management.ssl.password   = bunnies

# For RabbitMQ 3.7.10 and later versions
management.ssl.honor_cipher_order   = true
management.ssl.honor_ecc_order      = true
management.ssl.client_renegotiation = false
management.ssl.secure_renegotiate   = true

management.ssl.versions.1 = tlsv1.2
management.ssl.versions.2 = tlsv1.1

management.ssl.ciphers.1 = ECDHE-ECDSA-AES256-GCM-SHA384
management.ssl.ciphers.2 = ECDHE-RSA-AES256-GCM-SHA384
management.ssl.ciphers.3 = ECDHE-ECDSA-AES256-SHA384
management.ssl.ciphers.4 = ECDHE-RSA-AES256-SHA384
management.ssl.ciphers.5 = ECDH-ECDSA-AES256-GCM-SHA384
management.ssl.ciphers.6 = ECDH-RSA-AES256-GCM-SHA384
management.ssl.ciphers.7 = ECDH-ECDSA-AES256-SHA384
management.ssl.ciphers.8 = ECDH-RSA-AES256-SHA384
management.ssl.ciphers.9 = DHE-RSA-AES256-GCM-SHA384

## Usually RabbitMQ nodes do not perform peer verification of HTTP API clients
## but it can be enabled if needed. Clients then will have to be configured with
## a certificate and private key pair.
##
## See https://www.rabbitmq.com/ssl.html#peer-verification for details.
# management.ssl.verify = verify_peer
# management.ssl.fail_if_no_peer_cert = true