Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"

From: leduke4223@xxxxxxx
Date: Tue, 16 Sep 2014 13:10:22 +0200
Delivered-to: mosquitto-dev@xxxxxxxxxxx
Importance: normal
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>
Sensitivity: Normal

Hi Roger,

at the moment I'm at a make it run phase, pure testing.

I have not set any additional certificates apart from all-ca.crt and server.crt Do I need any additional settings?

Is there somewhere a step by step tutorial how to set up mosquitto for SSL/TLS?

Cheers,

Chris

Gesendet: Dienstag, 16. September 2014 um 12:54 Uhr
Von: "Roger Light" <roger@xxxxxxxxxx>
An: "General development discussions for the mosquitto project" <mosquitto-dev@xxxxxxxxxxx>
Betreff: Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"

Hi Chris,

> mosquitto_sub --cafile /home/myuser/CA/all-ca.crt --key
> /home/myuser/CA/client.key --cert /home/myuser/CA/client.crt -h 10.0.134.44
> -p 8883 -t 'tbbtb' --tls-version tlsv1.2 -d
> Unable to connect (8).
>
>
> Broker side:
>
> 1410848100: New connection from 10.0.1.44 on port 8883.
> 1410848100: OpenSSL Error: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3
> alert certificate unknown
> 1410848100: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl
> handshake failure
> 1410848100: Socket error on client (null), disconnecting.

It looks like the client certificate you are providing isn't
recognised as valid by the broker. Are you sure you have all of the CA
certificates set correctly on the broker as well? You've set
"require_certificate false" but are still sending a client certificate
- is this what you intend?

I presume you're just using it for testing, but if not I should point
out that the files generated by test/ssl/gen.sh are only intended for
the post-compilation tests. They are weak key length and certainly
don't match your details :)

Cheers,

Roger
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

Follow-Ups:
- Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
  - From: Roger Light

References:
- [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
  - From: leduke4223
- Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
  - From: Roger Light
- Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
  - From: leduke4223
- Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
  - From: Roger Light

Prev by Date: Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
Next by Date: Re: [mosquitto-dev] Interface of auth plug-in and complex security policies
Previous by thread: Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
Next by thread: Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
Index(es):
- Date
- Thread

Breadcrumbs