Update the ssl_ciphers parameter to support the OpenSSL style

[jamgregory]

Pull Request (PR) description

Currently, this module only supports the old Erlang style, but RabbitMQ post-3.7.9 (rabbitmq/rabbitmq-server#1712) supports the OpenSSL style.

This change allows the rabbitmq.config file to determine which style is being used, and apply that when defining SSL cipher suites.

This Pull Request (PR) fixes the following issues

n/a

[wyardley]

Can you also update the puppet strings docs:

puppet-rabbitmq/manifests/init.pp

Line 256 in 7613f08

# @param ssl_ciphers

[jamgregory]

Can you also update the puppet strings docs:

puppet-rabbitmq/manifests/init.pp

Line 256 in 7613f08

@param ssl_ciphers

Thanks @wyardley - I've updated that now.

[wyardley]

Would it be hard to preserve the sorted ordering? If we release this, it may cause a reload for existing configs, no?

[jamgregory]

Would it be hard to preserve the sorted ordering? If we release this, it may cause a reload for existing configs, no?

Ah, good point. The reason I removed that was because sorting them like that may cause less secure algorithms to float to the top above more secure ones (for example, DHE would come before ECDHE, but ECDHE is more secure).

I'm happy to put something in that causes the order to be preserved if the ssl_honor_cipher_order is set to true, otherwise it just sorts them - that should avoid existing configs being re-ordered?

[wyardley]

Mm - I see what you’re saying. I don’t know if this warrants a new parameter, may be better to just release it like this (it makes the code easier to read too).

Let’s see if @bastelfreak thinks that should make this a breaking change.