Re: [mosquitto-dev] SSL Context Error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] SSL Context Error

From: "Woodard, David" <David.Woodard@xxxxxxxxxxxx>
Date: Mon, 8 Sep 2014 18:42:38 +0000
Accept-language: en-US
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHPyGXt6rEeeYhIlEqjlqWTW2Xax5v2SSOAgAFPY4A=
Thread-topic: [mosquitto-dev] SSL Context Error

Thanks Roger. I have confirmed that the patch works.

Thanks,
—Dave

On Sep 7, 2014, at 3:42 PM, Roger Light <roger@xxxxxxxxxx> wrote:

> Hi Dave,
> 
> 1.2.3 doesn't support TLS session resumption. Later versions do, but
> if you don't want to change versions it's pretty straightforward to
> include, just backport this commit to the 1.2.3 code you're using:
> 
> https://bitbucket.org/oojah/mosquitto/commits/7fabda6061c2bb002019f10c45c4e16a5c03ab2e
> 
> Cheers,
> 
> Roger
> 
> 
> 
> On Thu, Sep 4, 2014 at 6:30 PM, Woodard, David
> <David.Woodard@xxxxxxxxxxxx> wrote:
>> Hello,
>> 
>> We are using Mosquitto v1.2.3 and recently attempted to upgrade to the Paho
>> 1.0 Java client. We are seeing the below issue with SSL:
>> 
>> The Paho client attempts to resume a session during connect (not sure why),
>> at which point it fails the SSL handshake:
>> 
>> %% Client cached [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
>> %% Try resuming [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA] from port 49999
>> *** ClientHello, TLSv1
>> 
>> …client sends stuff…
>> 
>> MQTT Con: client1, received EOFException: error
>> MQTT Con: client1, handling exception: javax.net.ssl.SSLHandshakeException:
>> Remote host closed connection during handshake
>> MQTT Con: client1, SEND TLSv1 ALERT:  fatal, description = handshake_failure
>> MQTT Con: client1, WRITE: TLSv1 Alert, length = 2
>> 
>> On the Mosquitto side, we are seeing this in the log:
>> 
>> OpenSSL Error: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id
>> context uninitialized
>> 
>> I have confirmed the following SSL combinations do work:
>> 
>> Paho 0.4/Mosquitto 1.2.3
>> Paho 1.0/Mosquitto 1.3.0
>> Paho 1.0/Mosquitto test server (port 8883)
>> 
>> Is there any way of fixing this on Mosquitto 1.2.3?
>> 
>> Thanks,
>> —Dave
>> 
>> 
>> _______________________________________________
>> mosquitto-dev mailing list
>> mosquitto-dev@xxxxxxxxxxx
>> To change your delivery options, retrieve your password, or unsubscribe from
>> this list, visit
>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

References:
- [mosquitto-dev] SSL Context Error
  - From: Woodard, David
- Re: [mosquitto-dev] SSL Context Error
  - From: Roger Light

Prev by Date: Re: [mosquitto-dev] Queue message directly from a broker
Next by Date: Re: [mosquitto-dev] Mosquitto - IOS client
Previous by thread: Re: [mosquitto-dev] SSL Context Error
Next by thread: [mosquitto-dev] help
Index(es):
- Date
- Thread

Breadcrumbs