Re: [paho-dev] paho and tlsv1.2

[Roger Light <roger@xxxxxxxxxx>]

Hi Romu,

Just to check - have you tried checking that your remote host does
support tlsv1.2? You could use:

openssl s_client -tls1_2 -connect host:port -showcerts

If you see certificate information then it accepts tlsv1.2, if you see
an error then no.

Cheers,

Roger


On Mon, Oct 27, 2014 at 10:55 AM, Romu Hu <huruomu@xxxxxxxxx> wrote:
> Hi,
>
> I learnt from
> http://stackoverflow.com/questions/16531807/android-client-server-on-tls-v1-2
> that to use tlsv1.2 I have to enable that on the client socket using
> setEnabledProtocols().  Below is the code I use to create tlsv1.2 connection
> to mosquitto (using tlsv1.2):
>
> SSLContext context = null;
> KeyStore ts = KeyStore.getInstance("bks");
> ts.load(getResources().openRawResource(R.raw.test666),
> "123456".toCharArray());
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
> tmf.init(ts);
> TrustManager[] tm = tmf.getTrustManagers();
> context = SSLContext.getInstance("TLSV1.2");
> context.init(null, tm, null);
> SocketFactory factory = context.getSocketFactory();
> conOpt.setSocketFactory(factory);
> connection.addConnectionOptions(conOpt);
> Connections.getInstance(this).addConnection(connection);
> client.connect(conOpt, null, callback);
>
> The above code always hit error:
>
> MqttException (0) - javax.net.ssl.SSLHandshakeException:
> javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb97b2970:
> Failure in SSL library, usually a protocol error
error:1407742E:SSL
> routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
> (external/openssl/ssl/s23_clnt.c:741 0x9c3c3b11:0x00000000)
>
> Any idea?
>
>
> Thanks
> Romu
> _______________________________________________
> paho-dev mailing list
> paho-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/paho-dev