Random SSL handshake failure on pre-provisioned RabbitMQ cluster

Article ID: 293227

Products

VMware RabbitMQ

Issue/Introduction

After upgrading to RabbitMQ tile v2.0.4, TLS/SSL Handshake failures were seen when apps tried to connect to RabbitMQ.



Environment

Product Version: 2.0

Resolution

From RabbitMQ tile release v2.X, TLS v1.0 and v1.1 are no longer supported. Before upgrading to Tanzu RabbitMQ v2.0, apps that use TLS v1.0 or v1.1 should be updated to use TLS v1.2 or v1.3. Refer to the docs for more info: https://docs.pivotal.io/rabbitmq-cf/2-0/releases.html


When we checked the environment settings with rabbitmq-diagnostics environment, the ssl_options flag was blank.
The override config option was set in the tile. It overwrote the tile's own options and left the ssl_options setting blank.

To resolve the issue, add the flag {versions,['tlsv1.2','tlsv1.3']} to ssl_options in the override config. Each version is its own single-quoted atom. The cluster then accepts connections from applications that use TLS v1.2 or v1.3.

An example is shown below:


{ssl_options,
          [{keyfile,"/var/vcap/jobs/rabbitmq-server/etc/key.pem"},
           {depth,5},
           {certfile,"/var/vcap/jobs/rabbitmq-server/etc/cert.pem"},
           {cacertfile,"/var/vcap/jobs/rabbitmq-server/etc/cacert.pem"},
           {fail_if_no_peer_cert,false},
           {verify,verify_none},
           {versions,['tlsv1.2','tlsv1.3']}]},
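
A pre-upgrade check for the override config, as an added example that is not part of the original article or of the RabbitMQ tile: it reports a missing ssl_options block, TLS versions the v2.x tile no longer supports, and a versions list in which both versions sit inside one pair of quotes (which Erlang reads as a single atom). The function name and the sample configs are constructed for illustration.

```python
import re

# TLS version atoms understood by Erlang/OTP's ssl application.
KNOWN = {"tlsv1.3", "tlsv1.2", "tlsv1.1", "tlsv1"}
# Versions the article says the v2.x tile no longer supports.
LEGACY = {"tlsv1.1", "tlsv1"}

def check_tls_versions(config_text):
    """Return findings (strings) for the ssl_options part of an override config."""
    if not re.search(r"\{\s*ssl_options\s*,", config_text):
        return ["ssl_options is absent: the override leaves the TLS settings blank"]
    m = re.search(r"\{\s*versions\s*,\s*\[([^\]]*)\]\s*\}", config_text)
    if not m:
        return ["ssl_options has no versions entry"]
    findings, accepted = [], []
    # Each list element is either a quoted atom ('tlsv1.2') or a bare token.
    for quoted, bare in re.findall(r"'([^']*)'|([^\s,']+)", m.group(1)):
        atom = quoted or bare
        if "," in atom:
            findings.append(f"'{atom}' is one atom, not a list: quote each version separately")
        elif bare and "." in bare:
            findings.append(f"{bare} must be single-quoted to be an atom")
        elif atom not in KNOWN:
            findings.append(f"'{atom}' is not a TLS version atom")
        elif atom in LEGACY:
            findings.append(f"'{atom}' is not supported by the v2.x tile")
        else:
            accepted.append(atom)
    if not accepted:
        findings.append("no usable TLS version (tlsv1.2 or tlsv1.3) is enabled")
    return findings

# Constructed sample inputs, not taken from a real deployment.
FUSED = "{ssl_options,[{verify,verify_none},{versions,['tlsv1.2,tlsv1.3']}]},"
GOOD = "{ssl_options,[{verify,verify_none},{versions,['tlsv1.2','tlsv1.3']}]},"
LEGACY_CFG = "{ssl_options,[{versions,['tlsv1.2','tlsv1.1']}]},"
BLANK = "{tcp_listeners,[5672]},"

if __name__ == "__main__":
    for name, cfg in [("fused", FUSED), ("good", GOOD),
                      ("legacy", LEGACY_CFG), ("blank", BLANK)]:
        print(name, check_tls_versions(cfg) or "ok")
```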