Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Mosquitto certificate SSL23_GET_CLIENT_HELLO:unknown protocol

I'm been desperately trying to get my MQTT clients to connect to a MQTT broker which is set up with a certificate from a CA. (Letsencrypt: https://pypi.python.org/pypi/letsencrypt/0.4.1) I'm using the same certificate for my https site, and that seems to work fine. I'm not sure if that holds any connection, though.

I've used this guide to set-up the certificates for the broker (http://mosquitto.org/2015/12/using-lets-encrypt-certificates-with-mosquitto/)

The broker, v1.4.8 seems to work fine with the following config:

cafile chain.pem
certfile cert.pem
keyfile privkey.pem

[ ok ] mosquitto is running.

Clients attempting to connect to this broker with debug message yields:

Client mosqsub/42074-titan sending CONNECT

On my broker's side log I recieve this error message:

1457358950: New connection from NOT.TELLING.YOU.OBVIOUSLY on port 8883.
1457358950: OpenSSL Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
1457358950: Socket error on client <unknown>, disconnecting.

I've searched high and wide for a solution to this, sadly there is little to nothing out there.

Any help would be greatly appreciated! Thank you!

like image 527
user5740843 Avatar asked Mar 07 '16 14:03

user5740843


2 Answers

I ran into this problem with the paho.mqtt.c MQTT client library when I was using tcp as a protocol instead of ssl.

So I had to use

ssl://1.2.3.4:56789

instead of

tcp://1.2.3.4:56789

Also when using paho.mqtt.c make sure you are linking against the libs with SSL support and that the libs with SSL support are actually built with SSL support! There used to be a bug in a CMake file in which a define was missing (OPENSSL) and thus the SSL libraries did not offer SSL support...

like image 148
DrP3pp3r Avatar answered Nov 02 '22 14:11

DrP3pp3r


My guess is that you've not enabled TLS mode - did you pass --cafile to mosquitto_sub?

like image 45
ralight Avatar answered Nov 02 '22 12:11

ralight