[mosquitto-dev] TLS handshake failure when connecting to Mosquitto

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[mosquitto-dev] TLS handshake failure when connecting to Mosquitto

From: George Willegers <george@xxxxxxxxxxxxx>
Date: Wed, 22 Mar 2017 20:23:09 +0100
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0

Hello,

I have Mosquitto 1.4.11 running on a Raspberry Pi. The Pi is runningRasbian, kernel version 4.4.50-v7+.

I am now trying to setup TLS to create an encrypted connection. I usedthe script from the OwnTracks instructions (generate-CA.sh).


The relevant part of the configuration is:

    listener 1883 127.0.0.1
    listener 8883
    tls_version tlsv1
    cafile /etc/mosquitto/ca_certificates/ca.crt
    certfile /etc/mosquitto/certs/pi1.crt
    keyfile /etc/mosquitto/certs/pi1.key
    require_certificate false
    allow_anonymous false

To test I run (on the Pi):

mosquitto_sub -t \$SYS/broker/bytes/\# -v -d -u <username> -P<password>


And the result is:

    Client mosqsub/3710-pi1 sending CONNECT
    Client mosqsub/3710-pi1 received CONNACK

Client mosqsub/3710-pi1 sending SUBSCRIBE (Mid: 1, Topic:$SYS/broker/bytes/#, QoS: 0)

    Client mosqsub/3710-pi1 received SUBACK
    Subscribed (mid: 1): 0

Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r1, m0,'$SYS/broker/bytes/received', ... (2 bytes))

    $SYS/broker/bytes/received 10

Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r1, m0,'$SYS/broker/bytes/sent', ... (1 bytes))

    $SYS/broker/bytes/sent 0

Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r0, m0,'$SYS/broker/bytes/received', ... (2 bytes))

    $SYS/broker/bytes/received 87

Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r0, m0,'$SYS/broker/bytes/sent', ... (2 bytes))

    $SYS/broker/bytes/sent 68
    ^C

When I try to use TLS:

mosquitto_sub -t \$SYS/broker/bytes/\# --cafile ca.crt -p 8883 -v-d -u <username> -P <password>


The result is:

    Unable to connect (A TLS error occurred.).

mosquitto.log shows:

    1490210296: New connection from 127.0.0.1 on port 8883.

1490210296: OpenSSL Error: error:1409442E:SSLroutines:SSL3_READ_BYTES:tlsv1 alert protocol version1490210296: OpenSSL Error: error:140940E5:SSLroutines:SSL3_READ_BYTES:ssl handshake failure

    1490210296: Socket error on client <unknown>, disconnecting.

Adding -h <hostname> or -h localhost or -h 127.0.0.1 does not changeanything.

I then recreated the certificate and related files with openssl, usinginstructions I found here:

http://www.steves-internet-guide.com/mosquitto-tls/
Unfortunately that did not change the results I get.

What is wrong in my setup?

Regards,
George

Follow-Ups:
- Re: [mosquitto-dev] TLS handshake failure when connecting to Mosquitto
  - From: Bradley, Dwayne
- Re: [mosquitto-dev] TLS handshake failure when connecting to Mosquitto
  - From: Jeff Armstrong

References:
- [mosquitto-dev] Can't get Mosquitto working with TLS on Raspberry Pi
  - From: George Willegers
- Re: [mosquitto-dev] Can't get Mosquitto working with TLS on Raspberry Pi
  - From: Ben Hardill

Prev by Date: Re: [mosquitto-dev] Mosquitto disconnect when trying to send retain message
Next by Date: Re: [mosquitto-dev] TLS handshake failure when connecting to Mosquitto
Previous by thread: Re: [mosquitto-dev] Can't get Mosquitto working with TLS on Raspberry Pi
Next by thread: Re: [mosquitto-dev] TLS handshake failure when connecting to Mosquitto
Index(es):
- Date
- Thread

Breadcrumbs