[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [mosquitto-dev] Unable to use openssl 3.X.X
|
> On Mar 26, 2024, at 02:31, Ben Hardill via mosquitto-dev <mosquitto-dev@xxxxxxxxxxx> wrote:
>
> It would probably help to clarify which end of the connection has openssl 3.x.x is it the client,the broker or both?
>
> Also the logs from both sides of the connection may shed more light on the situation.
>
> Also how is the broker configured? I'm going to guess that OpenSSL v3.x is defaulting to only supporting newer version of TLS and may need configuration options setting to re-enable older versions if the broker is using older OpenSSL or configured to pin to old versions.
>
This may not be applicable in your situation, but after a multi day head scratching outage, I took SSL out of my broker completely. And I’ve done the same with some of my other services. I use nginx proxypass to front the ssl translation, and let the mqtt broker and other software do their own thing with simple sockets. I’m sure I lose a little in performance with the translation, but not trying to chase down SSL incompatibilities, and just letting nginx do the job well has saved me a ton of headaches. YMMV
