EtienneT

Reputation: 5428

Is RabbitMQ Authentication secure without SSL?

We are using RabbitMQ, and we'll expose the server over the internet. We'll have multiple clients from multiple computers accessing the server. Our first instinct would be to enable SSL, but this seems like a lot of pain from the documentation, especially with Windows and .NET.

We can manually encrypt our messages and make sure that important information can't be sniffed, but we are more concerned about authentication and authorization.

Is the default login architecture from RabbitMQ secure, or do we really need to enable SSL for 100% secure login and authorization? Could someone sniff vhost/username/password when a client logs in to RabbitMQ remotely?

Thanks,

Upvotes: 2

Views: 1592

Answers (2)

Mouse

Reputation: 592

The short answer to the original question is no, RabbitMQ will not be secure without configuring TLS (it isn't as painful as the OP seems to think).

SASL will provide you with a secure (depending on the mechanism) login, but you log in in order to do something (not logging in for the fun of logging in :)), and that something won't be secure without a mechanism like TLS.

As RFC 4422 states, SASL is a protocol that can install a security layer via its mechanisms as an outcome of a successful authentication. Unfortunately, most of the SASL mechanisms defined do not provide a security layer. Therefore, as Hashimoto-san suggested above, using TLS as a security layer for RabbitMQ is strongly recommended.

Upvotes: 0

rhashimoto

Reputation: 15869

According to the RabbitMQ docs, SASL is used for authentication. SASL is an extensible mechanism for authentication and data security, so this could be secure but none of the three mechanisms provided with the RabbitMQ distribution appear to be secure (without TLS). You could write your own secure SASL plug-in, or encrypt the transport layer with TLS/SSL as you note.

Upvotes: 3
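As an added example (not code from the question or either answer), a small audit of a rabbitmq.conf in the ini-style format introduced in RabbitMQ 3.7 (an assumption; the thread predates it): the first constructed config is the out-of-the-box cleartext listener the question describes, the second is the TLS-only setup the answers recommend, and the checks flag whatever would let SASL PLAIN or AMQPLAIN credentials be read off the wire.

```python
# Added example, not the page's own code: audit an ini-style rabbitmq.conf (3.7+ format,
# assumed) for settings that leave SASL PLAIN/AMQPLAIN credentials readable on the wire.

# Constructed: the out-of-the-box shape, plain AMQP on 5672 and no TLS listener.
WEAK_CONF = """
listeners.tcp.default = 5672
auth_mechanisms.1 = PLAIN
auth_mechanisms.2 = AMQPLAIN
"""
# Constructed: TLS-only listener, peer verification, modern TLS versions only.
HARDENED_CONF = """
listeners.tcp = none
listeners.ssl.default = 5671
ssl_options.cacertfile = /etc/rabbitmq/ca_certificate.pem
ssl_options.certfile = /etc/rabbitmq/server_certificate.pem
ssl_options.keyfile = /etc/rabbitmq/server_key.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
ssl_options.versions.1 = tlsv1.3
ssl_options.versions.2 = tlsv1.2
"""
LEGACY_TLS = {"sslv3", "tlsv1", "tlsv1.1"}

def parse_conf(text):
    """Parse 'key = value' lines; '#' starts a comment, blank lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[key] = value
    return conf

def audit(conf):
    """Return findings as strings; an empty list means no exposure issue found."""
    findings = []
    # RabbitMQ listens on 5672 unless listeners.tcp is none, so a missing key is as bad as a set one.
    if conf.get("listeners.tcp") != "none":
        findings.append("cleartext AMQP listener active: SASL credentials cross the network unencrypted")
    if not any(k.startswith("listeners.ssl.") for k in conf):
        findings.append("no TLS listener configured")
    if conf.get("ssl_options.verify") != "verify_peer":
        findings.append("ssl_options.verify is not verify_peer: client certificates are not verified")
    versions = [v for k, v in conf.items() if k.startswith("ssl_options.versions.")]
    if not versions:
        findings.append("TLS versions not pinned; broker accepts the Erlang/OTP defaults")
    elif LEGACY_TLS & set(versions):
        findings.append("legacy TLS/SSL version enabled: " + ", ".join(sorted(LEGACY_TLS & set(versions))))
    return findings
```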
