Spring Boot version: 3.4.1
I have a very basic setup to use SuperStreams. My code works fine if I don't try to use TLS. The Exchanges/Queues get declared, and I am able to publish/consume. I am using Integration code similar to the following:
// get() returns the built IntegrationFlow, not the builder
IntegrationFlow flow = IntegrationFlow.from(RabbitStream.inboundAdapter(env)
                .messageConverter(myConverter)
                .superStream("my-stream-name", "decrypt"))
        .get();
Trying to use RabbitMQ streams with TLS enabled, I set a configuration like so:
spring:
  rabbitmq:
    host: my-rabbit.com
    port: 5671
    virtual-host: some-vhost
    username: some-user
    password: some-password
    ssl:
      enabled: true
    stream:
      name: some-Stream
      host: my-rabbit.com
      port: 5551
      virtual-host: some-vhost
      username: some-user
      password: some-password
The Spring context fails to start with this truncated error:
Caused by: com.rabbitmq.stream.impl.TimeoutStreamException: Could not get response in 10000 ms from node rabbitmq-amqp.dev.cyber.burrito.cloud:5551
On RabbitMQ, an error like below appears:
2025-01-22 16:56:43.328979+00:00 [notice] <0.20577151.0> TLS server: In state hello at tls_record.erl:561 generated SERVER ALERT: Fatal - Unexpected Message
2025-01-22 16:56:43.328979+00:00 [notice] <0.20577151.0> - {unsupported_record_type,0}
This led me to believe the TLS_HELLO was failing. After searching through the RabbitStreamConfiguration code in Spring Boot, I noticed Spring does not enable the com.rabbitmq.stream.Environment's .tls() method anywhere. To work around this, I register a customizer like so:
@Bean
@ConditionalOnProperty(value = "spring.rabbitmq.ssl.enabled", havingValue = "true")
EnvironmentBuilderCustomizer environmentBuilderCustomizer() {
    return builder -> {
        builder.tls();
    };
}
This works, but I think it's a mistake/bug that TLS can't be enabled via properties. Am I missing something?
Comment From: wilkinsona
It's not a mistake/bug, but a missing feature. We can use this issue to track adding it. In the meantime, your EnvironmentBuilderCustomizer is a good workaround.
When we add SSL support, we'll have to look at supporting SSL bundles with Rabbit Streams as we do with regular Rabbit. It looks like this will require adapting an SslBundle to a io.netty.handler.ssl.SslContext.
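The adaptation mentioned in the comment above could look like the following. This is an added example, not Spring Boot's implementation or code from the thread: it builds a Netty client SslContext from an SslBundle and hands it to the stream EnvironmentBuilder through the same customizer hook. The bundle name `rabbit-stream` and the class and method names are assumptions.

```java
import java.util.List;
import javax.net.ssl.SSLException;

import com.rabbitmq.stream.EnvironmentBuilder;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import org.springframework.boot.autoconfigure.amqp.EnvironmentBuilderCustomizer;
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslBundles;
import org.springframework.boot.ssl.SslManagerBundle;
import org.springframework.boot.ssl.SslOptions;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration(proxyBeanMethods = false)
class RabbitStreamTlsConfiguration {

    // Assumption: a bundle with this name is defined under spring.ssl.bundle.*
    private static final String BUNDLE_NAME = "rabbit-stream";

    @Bean
    EnvironmentBuilderCustomizer rabbitStreamTlsCustomizer(SslBundles sslBundles) {
        SslContext sslContext = toNettyClientContext(sslBundles.getBundle(BUNDLE_NAME));
        // Trust comes from the bundle; keep hostname verification on explicitly.
        return (EnvironmentBuilder builder) -> builder.tls()
                .sslContext(sslContext)
                .hostnameVerification();
    }

    // Hypothetical helper: adapts a Spring Boot SslBundle to a Netty client SslContext.
    static SslContext toNettyClientContext(SslBundle bundle) {
        SslManagerBundle managers = bundle.getManagers();
        SslOptions options = bundle.getOptions();
        SslContextBuilder builder = SslContextBuilder.forClient()
                .keyManager(managers.getKeyManagerFactory())      // client cert, if the bundle has a key store
                .trustManager(managers.getTrustManagerFactory()); // CA certificates used to verify the broker
        if (options.getEnabledProtocols() != null) {
            builder.protocols(options.getEnabledProtocols());
        }
        if (options.getCiphers() != null) {
            builder.ciphers(List.of(options.getCiphers()));
        }
        try {
            return builder.build();
        } catch (SSLException ex) {
            throw new IllegalStateException("Could not build TLS context for RabbitMQ streams", ex);
        }
    }
}
```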