Be sure to use the correct path to the cookie - probably /var/lib/rabbitmq/.erlang.cookie:
erl -sname node@MESSIAEN -setcookie "$(< $HOME/.erlang.cookie)" -remsh 'rabbit@MESSIAEN'
New TLS options will be in NewTlsOpts variable:
> {ok, TlsOpts} = application:get_env(rabbit, ssl_options).
{ok,[{cacertfile,"/Users/lbakken/development/src/tls-gen/basic/testca/cacert.pem"},
{certfile,"/Users/lbakken/development/src/tls-gen/basic/server/cert.pem"},
{keyfile,"/Users/lbakken/development/src/tls-gen/basic/server/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}
> {ok, [CipherOpt]} = file:consult("/PATH/TO/ciphers.config").
{ok,[{ciphers,[{rsa,'3des_ede_cbc',sha},
{rsa,aes_128_cbc,sha256},
{rsa,aes_128_cbc,sha},
{rsa,aes_128_gcm,null,sha256},
{rsa,aes_256_cbc,sha256},
{rsa,aes_256_cbc,sha},
{rsa,aes_256_gcm,null,sha384}]}]}
> NewTlsOpts = [CipherOpt | TlsOpts].
[{ciphers,[{rsa,'3des_ede_cbc',sha},
{rsa,aes_128_cbc,sha256},
{rsa,aes_128_cbc,sha},
{rsa,aes_128_gcm,null,sha256},
{rsa,aes_256_cbc,sha256},
{rsa,aes_256_cbc,sha},
{rsa,aes_256_gcm,null,sha384}]},
{cacertfile,"/Users/lbakken/development/src/tls-gen/basic/testca/cacert.pem"},
{certfile,"/Users/lbakken/development/src/tls-gen/basic/server/cert.pem"},
{keyfile,"/Users/lbakken/development/src/tls-gen/basic/server/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]
> application:set_env(rabbit, ssl_options, NewTlsOpts).
7> [rabbit_networking:stop_tcp_listener(Port) || {listener,_,Type,_,_,Port,_} <- rabbit_networking:active_listeners(), Type =:= 'amqp/ssl'].
[ok]
> rabbit_networking:start_ssl_listener(5671, rabbit_networking:ensure_ssl(), 10).
ok