Re: [mosquitto-dev] TLS handshake failure when connecting to Mosquitto

Hi George and others,

I'm having potentially the same issue and can't figure it out either. To add another datapoint I'll explain my issue so we can maybe find something in common.

My mosquitto broker is 1.4.10 and is running in an AWS instance. If another app in the same instance connects to it, it's fine. If I connect to it from my laptop with the same configuration, I get errors. On the client side I see the TLS error, and on the broker I see:

1490127303: OpenSSL Error: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

I'm pretty stumped and haven't been able to find anything very useful online about this issue.

Thanks,
Jeff


On Wed, Mar 22, 2017 at 3:23 PM George Willegers <george@xxxxxxxxxxxxx> wrote:
Hello,

I have Mosquitto 1.4.11 running on a Raspberry Pi. The Pi is running
Raspbian, kernel version 4.4.50-v7+.

I am now trying to set up TLS to create an encrypted connection. I used
the script from the OwnTracks instructions (generate-CA.sh).

The relevant part of the configuration is:

     listener 1883 127.0.0.1
     listener 8883
     tls_version tlsv1
     cafile /etc/mosquitto/ca_certificates/ca.crt
     certfile /etc/mosquitto/certs/pi1.crt
     keyfile /etc/mosquitto/certs/pi1.key
     require_certificate false
     allow_anonymous false

To test I run (on the Pi):

     mosquitto_sub -t \$SYS/broker/bytes/\# -v -d -u <username> -P <password>

And the result is:

     Client mosqsub/3710-pi1 sending CONNECT
     Client mosqsub/3710-pi1 received CONNACK
     Client mosqsub/3710-pi1 sending SUBSCRIBE (Mid: 1, Topic: $SYS/broker/bytes/#, QoS: 0)
     Client mosqsub/3710-pi1 received SUBACK
     Subscribed (mid: 1): 0
     Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r1, m0, '$SYS/broker/bytes/received', ... (2 bytes))
     $SYS/broker/bytes/received 10
     Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r1, m0, '$SYS/broker/bytes/sent', ... (1 bytes))
     $SYS/broker/bytes/sent 0
     Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r0, m0, '$SYS/broker/bytes/received', ... (2 bytes))
     $SYS/broker/bytes/received 87
     Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r0, m0, '$SYS/broker/bytes/sent', ... (2 bytes))
     $SYS/broker/bytes/sent 68
     ^C

When I try to use TLS:

     mosquitto_sub -t \$SYS/broker/bytes/\# --cafile ca.crt -p 8883 -v -d -u <username> -P <password>

The result is:

     Unable to connect (A TLS error occurred.).

mosquitto.log shows:

     1490210296: New connection from 127.0.0.1 on port 8883.
     1490210296: OpenSSL Error: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
     1490210296: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
     1490210296: Socket error on client <unknown>, disconnecting.

Adding -h <hostname> or -h localhost or -h 127.0.0.1 does not change
anything.

I then recreated the certificate and related files with openssl, using
instructions I found here:
http://www.steves-internet-guide.com/mosquitto-tls/
Unfortunately that did not change the results I get.

What is wrong in my setup?

Regards,
George
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
--
Jeff Armstrong
Software Engineer
Greenfield Labs
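
Added example, not part of either message in this thread: a decoder for the packed OpenSSL error codes in the broker log lines quoted above, showing which TLS alert each one carries. It assumes the OpenSSL 1.0.x code layout (8-bit library, 12-bit function, 12-bit reason) and that SSL reason values of 1000 and above are 1000 plus the TLS alert number; the function names are this example's own.

```python
import re

# Assumption: OpenSSL 1.0.x packs the 32-bit error code as
# library (8 bits) | function (12 bits) | reason (12 bits).
ERR_LIB_SSL = 20
ALERT_REASON_OFFSET = 1000  # SSL reasons >= 1000 are 1000 + TLS alert number

# TLS alert descriptions (RFC 5246, section 7.2); subset, not exhaustive.
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
    70: "protocol_version",
    80: "internal_error",
}

LINE_RE = re.compile(r"^(\d+): OpenSSL Error: error:([0-9A-Fa-f]{8}):")

def decode_line(line):
    """Decode one mosquitto 'OpenSSL Error' log line; None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code = int(m.group(2), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= ALERT_REASON_OFFSET:
        number = reason - ALERT_REASON_OFFSET
        alert = TLS_ALERTS.get(number, "alert %d" % number)
    return {"time": int(m.group(1)), "lib": lib, "func": func,
            "reason": reason, "peer_alert": alert}

# Log lines copied from the two messages in this thread (e-mail wraps joined).
SAMPLE = """\
1490127303: OpenSSL Error: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
1490210296: New connection from 127.0.0.1 on port 8883.
1490210296: OpenSSL Error: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
1490210296: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1490210296: Socket error on client <unknown>, disconnecting.
"""

def peer_alerts(text):
    """TLS alerts received from the remote peer, in log order."""
    decoded = (decode_line(line) for line in text.splitlines())
    return [d["peer_alert"] for d in decoded if d and d["peer_alert"]]

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(decode_line(line))
```

A non-empty `peer_alert` marks an alert the broker received from the connecting client, so those log lines record the client's reason for aborting the handshake rather than a fault detected by the broker itself.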