Re: [mosquitto-dev] TLS handshake failure when connecting to Mosquitto

George,

Have you tried adding the "--tls-version" and "--insecure" options to the mosquitto_sub command?  Something like this:

mosquitto_sub -t \$SYS/broker/bytes/\# --cafile ca.crt -p 8883 -v -d -u <username> -P <password> --tls-version tlsv1 --insecure

Dwayne


-----Original Message-----
From: mosquitto-dev-bounces@xxxxxxxxxxx [mailto:mosquitto-dev-bounces@xxxxxxxxxxx] On Behalf Of George Willegers
Sent: Wednesday, March 22, 2017 3:23 PM
To: mosquitto-dev@xxxxxxxxxxx
Subject: [mosquitto-dev] TLS handshake failure when connecting to Mosquitto




Hello,

I have Mosquitto 1.4.11 running on a Raspberry Pi. The Pi is running Raspbian, kernel version 4.4.50-v7+.

I am now trying to set up TLS to create an encrypted connection. I used the script from the OwnTracks instructions (generate-CA.sh).

The relevant part of the configuration is:

     listener 1883 127.0.0.1
     listener 8883
     tls_version tlsv1
     cafile /etc/mosquitto/ca_certificates/ca.crt
     certfile /etc/mosquitto/certs/pi1.crt
     keyfile /etc/mosquitto/certs/pi1.key
     require_certificate false
     allow_anonymous false

To test I run (on the Pi):

     mosquitto_sub -t \$SYS/broker/bytes/\# -v -d -u <username> -P <password>

And the result is:

     Client mosqsub/3710-pi1 sending CONNECT
     Client mosqsub/3710-pi1 received CONNACK
     Client mosqsub/3710-pi1 sending SUBSCRIBE (Mid: 1, Topic: $SYS/broker/bytes/#, QoS: 0)
     Client mosqsub/3710-pi1 received SUBACK
     Subscribed (mid: 1): 0
     Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r1, m0, '$SYS/broker/bytes/received', ... (2 bytes))
     $SYS/broker/bytes/received 10
     Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r1, m0, '$SYS/broker/bytes/sent', ... (1 bytes))
     $SYS/broker/bytes/sent 0
     Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r0, m0, '$SYS/broker/bytes/received', ... (2 bytes))
     $SYS/broker/bytes/received 87
     Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r0, m0, '$SYS/broker/bytes/sent', ... (2 bytes))
     $SYS/broker/bytes/sent 68
     ^C

When I try to use TLS:

     mosquitto_sub -t \$SYS/broker/bytes/\# --cafile ca.crt -p 8883 -v -d -u <username> -P <password>

The result is:

     Unable to connect (A TLS error occurred.).

mosquitto.log shows:

     1490210296: New connection from 127.0.0.1 on port 8883.
     1490210296: OpenSSL Error: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
     1490210296: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
     1490210296: Socket error on client <unknown>, disconnecting.

Adding -h <hostname> or -h localhost or -h 127.0.0.1 does not change anything.

I then recreated the certificate and related files with openssl, using instructions I found here:
http://www.steves-internet-guide.com/mosquitto-tls/
Unfortunately that did not change the results I get.

What is wrong in my setup?

Regards,
George
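
An added example, not part of either message or of Mosquitto: it decodes the two OpenSSL error codes from the mosquitto.log excerpt above to show which TLS alert the broker received from the client. It assumes the OpenSSL 1.0.x error-code packing (8-bit library, 12-bit function, 12-bit reason) and that a reason of 1000 or more is 1000 plus a TLS alert number; the function names and the alert table are constructed for this illustration.

```python
import re

# TLS alert numbers from RFC 5246 section 7.2 (subset that shows up in handshakes).
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version",
    71: "insufficient_security",
}
AD_REASON_OFFSET = 1000  # OpenSSL's SSL_AD_REASON_OFFSET

# Log lines taken from the mosquitto.log excerpt in the message above
# (the wrapped line is rejoined).
SAMPLE_LOG = """\
1490210296: New connection from 127.0.0.1 on port 8883.
1490210296: OpenSSL Error: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
1490210296: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1490210296: Socket error on client <unknown>, disconnecting.
"""

LINE_RE = re.compile(
    r"^(\d+): OpenSSL Error: error:([0-9A-Fa-f]{8}):[^:]*:([^:]*):(.*)$")

def decode_openssl_error(code):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(log_text):
    """Return one dict per OpenSSL error line, with any peer alert decoded."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an OpenSSL error line
        lib, func, reason = decode_openssl_error(int(m.group(2), 16))
        alert = None
        if reason >= AD_REASON_OFFSET:
            # reason = 1000 + alert number: a fatal alert read from the peer
            number = reason - AD_REASON_OFFSET
            alert = TLS_ALERTS.get(number, f"alert_{number}")
        findings.append({"time": int(m.group(1)), "lib": lib, "func": func,
                         "func_name": m.group(3), "reason": reason,
                         "peer_alert": alert, "text": m.group(4).strip()})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The first code decodes to alert 70, protocol_version, read by the broker in SSL3_READ_BYTES, so the client refused the TLS version on offer. That is governed by `tls_version` on the listener and `--tls-version` on the client, not by the certificate files or the hostname.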