Re: [mosquitto-dev] SSL3_GET_RECORD:wrong version number

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] SSL3_GET_RECORD:wrong version number

From: Khitai Pang <khitai.pang@xxxxxxxxxxx>
Date: Tue, 11 Oct 2016 10:21:55 +0000
Accept-language: zh-TW, en-US
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHSGv5GuAGqD85rgEuTX7UQ+fmsq6CSK0UAgBDxPAA=
Thread-topic: [mosquitto-dev] SSL3_GET_RECORD:wrong version number

Hi Roger,

Sorry for late response.

After changing cafile, certfile and keyfile in mosquitto.conf and 
restart the broker, "openssl s_client -connect host:port -CAfile 
<cafile>" works just fine:

CONNECTED(00000003)
depth=1 C =...
...
...
     Start Time: 1476180904
     Timeout   : 300 (sec)
     Verify return code: 0 (ok)
---

And after running the openssl command, the next mosquitto_sub command 
succeeds.


Thanks
Khitai

On 2016/9/30 23:38, Roger Light wrote:
> Hi Khital,
>
> That's a bit odd. What happens if you connect to the broker using
> "openssl s_client -connect host:port -CAfile <cafile>" instead?
>
> Cheers,
>
> Roger
>
>
>
> On Fri, Sep 30, 2016 at 10:37 AM, Khitai Pang <khitai.pang@xxxxxxxxxxx> wrote:
>> I am using mosquitto broker and client 1.4.10.
>>
>> After modifying cafile, certfile and keyfile in mosquitto.conf and
>> restart the broker, the first mosquitto_sub connection always fails.
>>
>> $ mosquitto_sub -d -v -h myserver.com -p 8080 --tls-version tlsv1.2
>> --cafile /tmp/ca.crt  -i mysub -t mytopic -q 2
>> Client mysub sending CONNECT
>> Error: A TLS error occurred.
>>
>> Mosquitto log:
>>
>> mosquitto[3202]: New client connected from xxx.xxx.xxx.xxx as mysub (c1,
>> k60).
>> mosquitto[3202]: OpenSSL Error: error:1408F10B:SSL
>> routines:SSL3_GET_RECORD:wrong version number
>> mosquitto[3202]: Socket error on client mysub, disconnecting.
>>
>> But the second run of exactly the same mosquitto_sub command line will
>> succeed:
>>
>> Client mysub sending CONNECT
>> Client mysub received CONNACK
>> Client mysub sending SUBSCRIBE (Mid: 1, Topic: mytopic, QoS: 2)
>> Client mysub received SUBACK
>> Subscribed (mid: 1): 2
>>
>> mosquitto[3202]: New connection from xxx.xxx.xxx.xxx on port 8080.
>> mosquitto[3202]: New client connected from xxx.xxx.xxx.xxx as mysub (c1,
>> k60).
>>
>> OS is ubuntu 14.04 LTS.
>>
>>
>> Any idea?
>>
>>
>> Thanks
>> Khitai
>>
>> _______________________________________________
>> mosquitto-dev mailing list
>> mosquitto-dev@xxxxxxxxxxx
>> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

References:
- [mosquitto-dev] SSL3_GET_RECORD:wrong version number
  - From: Khitai Pang
- Re: [mosquitto-dev] SSL3_GET_RECORD:wrong version number
  - From: Roger Light

Prev by Date: [mosquitto-dev] [RSMB] Strange memory behavior
Next by Date: Re: [mosquitto-dev] OpenSSL error
Previous by thread: Re: [mosquitto-dev] SSL3_GET_RECORD:wrong version number
Next by thread: [mosquitto-dev] Michael Chen is out of the office.
Index(es):
- Date
- Thread

Breadcrumbs