Re: [mosquitto-dev] TLS handshake failure when connecting to Mosquitto
I tried both options, without success. I still get the ssl handshake
failure.
On 22-03-17 at 21:42, Bradley, Dwayne wrote:
George,
Have you tried adding the "--tls-version" and "--insecure" options to the mosquitto_sub command? Something like this:
mosquitto_sub -t \$SYS/broker/bytes/\# --cafile ca.crt -p 8883 -v -d -u <username> -P <password> --tls-version tlsv1 --insecure
Dwayne
-----Original Message-----
From: mosquitto-dev-bounces@xxxxxxxxxxx [mailto:mosquitto-dev-bounces@xxxxxxxxxxx] On Behalf Of George Willegers
Sent: Wednesday, March 22, 2017 3:23 PM
To: mosquitto-dev@xxxxxxxxxxx
Subject: [mosquitto-dev] TLS handshake failure when connecting to Mosquitto
Hello,
I have Mosquitto 1.4.11 running on a Raspberry Pi. The Pi is running Raspbian, kernel version 4.4.50-v7+.
I am now trying to set up TLS to create an encrypted connection. I used the script from the OwnTracks instructions (generate-CA.sh).
The relevant part of the configuration is:
listener 1883 127.0.0.1
listener 8883
tls_version tlsv1
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/pi1.crt
keyfile /etc/mosquitto/certs/pi1.key
require_certificate false
allow_anonymous false
To test I run (on the Pi):
mosquitto_sub -t \$SYS/broker/bytes/\# -v -d -u <username> -P <password>
And the result is:
Client mosqsub/3710-pi1 sending CONNECT
Client mosqsub/3710-pi1 received CONNACK
Client mosqsub/3710-pi1 sending SUBSCRIBE (Mid: 1, Topic: $SYS/broker/bytes/#, QoS: 0)
Client mosqsub/3710-pi1 received SUBACK
Subscribed (mid: 1): 0
Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r1, m0, '$SYS/broker/bytes/received', ... (2 bytes))
$SYS/broker/bytes/received 10
Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r1, m0, '$SYS/broker/bytes/sent', ... (1 bytes))
$SYS/broker/bytes/sent 0
Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r0, m0, '$SYS/broker/bytes/received', ... (2 bytes))
$SYS/broker/bytes/received 87
Client mosqsub/3710-pi1 received PUBLISH (d0, q0, r0, m0, '$SYS/broker/bytes/sent', ... (2 bytes))
$SYS/broker/bytes/sent 68
^C
When I try to use TLS:
mosquitto_sub -t \$SYS/broker/bytes/\# --cafile ca.crt -p 8883 -v -d -u <username> -P <password>
The result is:
Unable to connect (A TLS error occurred.).
mosquitto.log shows:
1490210296: New connection from 127.0.0.1 on port 8883.
1490210296: OpenSSL Error: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
1490210296: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1490210296: Socket error on client <unknown>, disconnecting.
Adding -h <hostname> or -h localhost or -h 127.0.0.1 does not change anything.
I then recreated the certificate and related files with openssl, using instructions I found here:
http://www.steves-internet-guide.com/mosquitto-tls/
Unfortunately that did not change the results I get.
What is wrong in my setup?
Regards,
George
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
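
The two OpenSSL error codes in the mosquitto.log excerpt above can be decoded mechanically. The following is an added example, not part of the original thread or of Mosquitto: it assumes the pre-3.0 OpenSSL error-code layout (library, function and reason packed into 32 bits), and the helper names `decode_error` and `peer_alerts` are hypothetical.

```python
import re

# TLS alert descriptions from RFC 5246 section 7.2 (subset).
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    46: "certificate_unknown",
    48: "unknown_ca",
    70: "protocol_version",
    71: "insufficient_security",
}
ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for alerts read from the peer

# Log excerpt from the post (wrapped line rejoined).
SAMPLE_LOG = """\
1490210296: New connection from 127.0.0.1 on port 8883.
1490210296: OpenSSL Error: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
1490210296: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1490210296: Socket error on client <unknown>, disconnecting.
"""

LINE_RE = re.compile(r"^(\d+): OpenSSL Error: error:([0-9A-Fa-f]{8}):")


def decode_error(code_hex):
    """Split a packed pre-3.0 OpenSSL error code into lib/func/reason (assumed layout)."""
    code = int(code_hex, 16)
    return {"lib": code >> 24, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF}


def peer_alerts(log_text):
    """Return (timestamp, alert number, alert name) for each alert the peer sent."""
    found = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        fields = decode_error(match.group(2))
        alert = fields["reason"] - SSL_AD_REASON_OFFSET
        # Reasons below 1000 are local libssl errors, not alerts from the peer.
        if fields["lib"] == ERR_LIB_SSL and 0 <= alert <= 255:
            found.append((int(match.group(1)), alert, TLS_ALERTS.get(alert, "unknown")))
    return found


if __name__ == "__main__":
    for ts, number, name in peer_alerts(SAMPLE_LOG):
        print(f"{ts}: peer sent TLS alert {number} ({name})")
```

For the excerpt it reports alert 70 (protocol_version): an alert the broker read from the connecting client, while the second code (reason 229) is the broker's own handshake-failure error.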