Domoticz MQTT - OpenSSL error - mosquitto tls version

Post by tuxmartin

I have a problem with the TLS version.
My mosquitto TLS config:

# MQTT over TLS/SSL
listener 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/ca_certificates/server.crt
keyfile /etc/mosquitto/ca_certificates/server.key
require_certificate false
tls_version tlsv1 # = tlsv1.0 tlsv1.1 tlsv1.2

If I connect using:

mosquitto_pub -h server.example.net -p 8883 -t test/pokus -m 'abc' --cafile /ca.crt -u 'test' -P 'test'

I got the error: Error: A TLS error occurred.

And in the mosquitto log:

1509365431: New connection from ::1 on port 8883.
1509365431: OpenSSL Error: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
1509365431: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
1509365431: Socket error on client <unknown>, disconnecting.

If I set the tlsv1 param, it works:

mosquitto_pub -h server.example.net -p 8883 -t test/pokus -m 'abc' --cafile /ca.crt -u 'test' -P 'test' --tls-version tlsv1

In Domoticz there is no TLS version config. In the log I see:

1509365981: New connection from 127.0.0.1 on port 8883.
1509365981: OpenSSL Error: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
1509365981: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
1509365981: Socket error on client <unknown>, disconnecting.
1509365981: New connection from 127.0.0.1 on port 8883.
1509365981: OpenSSL Error: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
1509365981: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
1509365981: Socket error on client <unknown>, disconnecting.
1509365981: New connection from 127.0.0.1 on port 8883.
1509365981: OpenSSL Error: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
1509365981: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
1509365981: Socket error on client <unknown>, disconnecting.

How can I fix it?

Domoticz v3.8153
Ubuntu 16.04 (armbian, orange pi)
mosquitto 1.4.12-1
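
An added example, not part of the original posts: a small Python parser for broker log lines in the format quoted above that counts, per source address, handshakes ending in the `tlsv1 alert protocol version` error. The sample log is constructed, and attributing each OpenSSL error to the most recent `New connection` line is an assumption that holds only when connections are not interleaved.

```python
import re
from collections import defaultdict

# Constructed sample in the mosquitto log format quoted in the post above.
SAMPLE_LOG = """\
1509365981: New connection from 127.0.0.1 on port 8883.
1509365981: OpenSSL Error: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
1509365981: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
1509365981: Socket error on client <unknown>, disconnecting.
1509365990: New connection from 192.0.2.10 on port 8883.
1509365990: New client connected from 192.0.2.10 as sensor1 (c1, k60).
1509365995: New connection from ::1 on port 8883.
1509365995: OpenSSL Error: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
1509365995: Socket error on client <unknown>, disconnecting.
"""

LINE = re.compile(r"^(\d+): (.*)$")                      # "<epoch>: <message>"
CONN = re.compile(r"^New connection from (\S+) on port (\d+)\.$")
SSLERR = re.compile(r"^OpenSSL Error: error:([0-9A-Fa-f]+):[^:]*:[^:]*:(.+)$")

def tls_version_failures(log_text):
    """Return {(source, port): count} of handshakes that ended in a
    'protocol version' alert. The failing client is logged as <unknown>,
    so each error is attributed to the most recent 'New connection' line
    (assumption: connections are not interleaved in the log)."""
    failures = defaultdict(int)
    current = None     # (source, port) of the connection being set up
    counted = False    # count one failure per connection, not per error line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2)
        conn = CONN.match(msg)
        if conn:
            current, counted = (conn.group(1), int(conn.group(2))), False
            continue
        err = SSLERR.match(msg)
        if err and current and not counted and "alert protocol version" in err.group(2):
            failures[current] += 1
            counted = True
    return dict(failures)

if __name__ == "__main__":
    for (src, port), n in sorted(tls_version_failures(SAMPLE_LOG).items()):
        print(f"{src} port {port}: {n} handshake(s) rejected for TLS version mismatch")
```
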

Re: Domoticz MQTT - OpenSSL error - mosquitto tls version

Post by RadioAir

I'm having the exact same issue. What I tried to resolve it (but failed):

- Setting TLS version hardcoded to TLS1.0/1.1/1.2 (on TLS1.2 the connection to my MQTT SonOff devices broke), this didn't work
- Updating OpenSSL to newest version available on apt-get: OpenSSL 1.0.1t 3 May 2016 (Library: OpenSSL 1.0.2l 25 May 2017)
- Compiling OpenSSL 1.1.0 but this failed with an error
- Trying to connect as localhost/IP of Raspberry (OSMC)

It seems Domoticz does the handshake in a way that OpenSSL/Mosquitto does not understand properly. I can connect to Mosquitto using the terminal with my ca.crt just fine so that does not seem to be the problem.

As I really would like to use MQTT with SSL, is there any way to fix this? :)