[mosquitto-dev] TLS handshake failure when connecting to Mosquitto
Hello,
I have Mosquitto 1.4.11 running on a Raspberry Pi. The Pi is running
Raspbian, kernel version 4.4.50-v7+.
I am now trying to set up TLS to create an encrypted connection. I used
the script from the OwnTracks instructions (generate-CA.sh).
The relevant part of the configuration is:
listener 1883 127.0.0.1
listener 8883
tls_version tlsv1
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/pi1.crt
keyfile /etc/mosquitto/certs/pi1.key
require_certificate false
allow_anonymous false
To test I run (on the Pi):
mosquitto_sub -t \$SYS/broker/bytes/\# -v -d -u <username> -P <password>
And the result is:
Client mosqsub/3710-pi1 sending CONNECT
Client mosqsub/3710-pi1 received CONNACK
Client mosqsub/3710-pi1 sending SUBSCRIBE (Mid: 1, Topic: $SYS/broker/bytes/#, QoS: 0)
Client mosqsub/3710-pi1 received SUBACK
Subscribed (mid: 1): 0
Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r1, m0, '$SYS/broker/bytes/received', ... (2 bytes))
$SYS/broker/bytes/received 10
Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r1, m0, '$SYS/broker/bytes/sent', ... (1 bytes))
$SYS/broker/bytes/sent 0
Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r0, m0, '$SYS/broker/bytes/received', ... (2 bytes))
$SYS/broker/bytes/received 87
Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r0, m0, '$SYS/broker/bytes/sent', ... (2 bytes))
$SYS/broker/bytes/sent 68
^C
When I try to use TLS:
mosquitto_sub -t \$SYS/broker/bytes/\# --cafile ca.crt -p 8883 -v -d -u <username> -P <password>
The result is:
Unable to connect (A TLS error occurred.).
mosquitto.log shows:
1490210296: New connection from 127.0.0.1 on port 8883.
1490210296: OpenSSL Error: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
1490210296: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1490210296: Socket error on client <unknown>, disconnecting.
Adding -h <hostname> or -h localhost or -h 127.0.0.1 does not change
anything.
I then recreated the certificate and related files with openssl, using
instructions I found here:
http://www.steves-internet-guide.com/mosquitto-tls/
Unfortunately that did not change the results I get.
What is wrong in my setup?
Regards,
George
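
Added example, not part of the original message: a short Python script that unpacks the packed OpenSSL error codes in the mosquitto.log excerpt above and maps alert-derived reasons to TLS alert names. It assumes the OpenSSL 1.0.x/1.1.x error layout (8-bit library, 12-bit function, 12-bit reason); the function names and the sample log string are constructed for illustration.

```python
import re

# Constructed sample: the log lines quoted in the message, unwrapped.
SAMPLE_LOG = """\
1490210296: New connection from 127.0.0.1 on port 8883.
1490210296: OpenSSL Error: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
1490210296: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1490210296: Socket error on client <unknown>, disconnecting.
"""

ERR_LIB_SSL = 20            # OpenSSL library number for libssl
ALERT_REASON_OFFSET = 1000  # OpenSSL's SSL_AD_REASON_OFFSET

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    45: "certificate_expired",
    48: "unknown_ca",
    70: "protocol_version",
    71: "insufficient_security",
}

ERR_RE = re.compile(r"^(\d+): OpenSSL Error: error:([0-9A-Fa-f]{8}):")


def decode_openssl_error(code_hex):
    """Split a packed error code into lib/func/reason (assumed 1.0.x/1.1.x layout)."""
    code = int(code_hex, 16)
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    peer_alert = None
    # libssl reasons >= 1000 mean "the peer sent TLS alert (reason - 1000)".
    if lib == ERR_LIB_SSL and reason >= ALERT_REASON_OFFSET:
        number = reason - ALERT_REASON_OFFSET
        peer_alert = TLS_ALERTS.get(number, "alert_%d" % number)
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": peer_alert}


def scan(log_text):
    """Return one decoded record per 'OpenSSL Error' line in a mosquitto log."""
    findings = []
    for line in log_text.splitlines():
        m = ERR_RE.match(line)
        if m:
            record = decode_openssl_error(m.group(2))
            record["timestamp"] = int(m.group(1))
            findings.append(record)
    return findings
```

For the first logged code the reason is 1070, that is alert 70 (protocol_version) received from the peer, so the TLS version pinned by tls_version on the listener and the version the client offers are the settings to compare.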