Mosquitto Bridge fails with wrong ssl version error











up vote
0
down vote

favorite












long time reader, first time poster here.



I am currently trying to set up a MQTT system where I have a central broker (Broker 1) running on a server and requiring TLS encryption and a local broker (Broker 2) which is only accessible in my local network and not requiring any kind of encryption or authentication.
My „things“ will publish and subscribe to Broker 2 which should be configured as a bridge to Broker 1, so my things can publish and subscripe to topics on Broker 1 without implementing TLS themselves.



Broker 1 is a Mosquitto instance running on a Cent Os 6 server (my Uberspace) and is configured to require authentication and encryption using a Lets Encrypt certificate.



Mosquitto.conf:



port <port>
persistence true
persistence_location /home/drparrot/mosquitto/var/lib/mosquitto/
log_dest topic
log_type error
log_type warning
log_type notice
log_type information
certfile /home/drparrot/.config/letsencrypt/live/<url>/cert.pem
cafile /home/drparrot/.config/letsencrypt/live/<url>//chain.pem
keyfile /home/drparrot/.config/letsencrypt/live/<url>/ /privkey.pem

allow_anonymous false

connection_messages true
log_timestamp true


Broker 2 is a mosquitto as well running on a raspberry pi which is connected to my local WiFi.
It is configured as a bridge to Broker 1.
mosquitto.conf:



persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log
log_type all

connection uberspace-bridge
address <url>:<port>
topic # out 0
topic # in 0
clientid <id>
username <username>
password <password>
bridge_capath /etc/ssl/certs/


When I start Broker 2, I can verify from the logfile, that it tries to connect to Broker 1, but fails with the following message:



1541447922: Bridge <id> sending CONNECT
1541447922: OpenSSL Error: error:1417110A:SSL routines:tls_process_server_hello:wrong ssl version
1541447922: Socket error on client local.<id>, disconnecting.


However, if I try to connect from the Raspberry Pi hosting Broker 2 to the server hosting Broker 1 via



openssl s_client -connect <url>:<port> 


everything works fine, so I guess my certificates are all set up correctly and my open ssl versions on the raspberry and the server match in general. Moreover I am able to connect/publish/subscribe to Broker 1 from my Windows machine using MQTT.fx



Does anyone can give me hint what I am doing wrong or what I can do to further debug the problem?
Right now I am pretty stuck, since I am new to SSL/TLS aswell as MQTT and could not find anything useful on google/stackoverflow/mosquitto docs.



Thank you!










share|improve this question


























    up vote
    0
    down vote

    favorite












    long time reader, first time poster here.



    I am currently trying to set up a MQTT system where I have a central broker (Broker 1) running on a server and requiring TLS encryption and a local broker (Broker 2) which is only accessible in my local network and not requiring any kind of encryption or authentication.
    My „things“ will publish and subscribe to Broker 2 which should be configured as a bridge to Broker 1, so my things can publish and subscripe to topics on Broker 1 without implementing TLS themselves.



    Broker 1 is a Mosquitto instance running on a Cent Os 6 server (my Uberspace) and is configured to require authentication and encryption using a Lets Encrypt certificate.



    Mosquitto.conf:



    port <port>
    persistence true
    persistence_location /home/drparrot/mosquitto/var/lib/mosquitto/
    log_dest topic
    log_type error
    log_type warning
    log_type notice
    log_type information
    certfile /home/drparrot/.config/letsencrypt/live/<url>/cert.pem
    cafile /home/drparrot/.config/letsencrypt/live/<url>//chain.pem
    keyfile /home/drparrot/.config/letsencrypt/live/<url>/ /privkey.pem

    allow_anonymous false

    connection_messages true
    log_timestamp true


    Broker 2 is a mosquitto as well running on a raspberry pi which is connected to my local WiFi.
    It is configured as a bridge to Broker 1.
    mosquitto.conf:



    persistence true
    persistence_location /var/lib/mosquitto/

    log_dest file /var/log/mosquitto/mosquitto.log
    log_type all

    connection uberspace-bridge
    address <url>:<port>
    topic # out 0
    topic # in 0
    clientid <id>
    username <username>
    password <password>
    bridge_capath /etc/ssl/certs/


    When I start Broker 2, I can verify from the logfile, that it tries to connect to Broker 1, but fails with the following message:



    1541447922: Bridge <id> sending CONNECT
    1541447922: OpenSSL Error: error:1417110A:SSL routines:tls_process_server_hello:wrong ssl version
    1541447922: Socket error on client local.<id>, disconnecting.


    However, if I try to connect from the Raspberry Pi hosting Broker 2 to the server hosting Broker 1 via



    openssl s_client -connect <url>:<port> 


    everything works fine, so I guess my certificates are all set up correctly and my open ssl versions on the raspberry and the server match in general. Moreover I am able to connect/publish/subscribe to Broker 1 from my Windows machine using MQTT.fx



    Does anyone can give me hint what I am doing wrong or what I can do to further debug the problem?
    Right now I am pretty stuck, since I am new to SSL/TLS aswell as MQTT and could not find anything useful on google/stackoverflow/mosquitto docs.



    Thank you!










    share|improve this question
























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      long time reader, first time poster here.



      I am currently trying to set up a MQTT system where I have a central broker (Broker 1) running on a server and requiring TLS encryption and a local broker (Broker 2) which is only accessible in my local network and not requiring any kind of encryption or authentication.
      My „things“ will publish and subscribe to Broker 2 which should be configured as a bridge to Broker 1, so my things can publish and subscripe to topics on Broker 1 without implementing TLS themselves.



      Broker 1 is a Mosquitto instance running on a Cent Os 6 server (my Uberspace) and is configured to require authentication and encryption using a Lets Encrypt certificate.



      Mosquitto.conf:



      port <port>
      persistence true
      persistence_location /home/drparrot/mosquitto/var/lib/mosquitto/
      log_dest topic
      log_type error
      log_type warning
      log_type notice
      log_type information
      certfile /home/drparrot/.config/letsencrypt/live/<url>/cert.pem
      cafile /home/drparrot/.config/letsencrypt/live/<url>//chain.pem
      keyfile /home/drparrot/.config/letsencrypt/live/<url>/ /privkey.pem

      allow_anonymous false

      connection_messages true
      log_timestamp true


      Broker 2 is a mosquitto as well running on a raspberry pi which is connected to my local WiFi.
      It is configured as a bridge to Broker 1.
      mosquitto.conf:



      persistence true
      persistence_location /var/lib/mosquitto/

      log_dest file /var/log/mosquitto/mosquitto.log
      log_type all

      connection uberspace-bridge
      address <url>:<port>
      topic # out 0
      topic # in 0
      clientid <id>
      username <username>
      password <password>
      bridge_capath /etc/ssl/certs/


      When I start Broker 2, I can verify from the logfile, that it tries to connect to Broker 1, but fails with the following message:



      1541447922: Bridge <id> sending CONNECT
      1541447922: OpenSSL Error: error:1417110A:SSL routines:tls_process_server_hello:wrong ssl version
      1541447922: Socket error on client local.<id>, disconnecting.


      However, if I try to connect from the Raspberry Pi hosting Broker 2 to the server hosting Broker 1 via



      openssl s_client -connect <url>:<port> 


      everything works fine, so I guess my certificates are all set up correctly and my open ssl versions on the raspberry and the server match in general. Moreover I am able to connect/publish/subscribe to Broker 1 from my Windows machine using MQTT.fx



      Does anyone can give me hint what I am doing wrong or what I can do to further debug the problem?
      Right now I am pretty stuck, since I am new to SSL/TLS aswell as MQTT and could not find anything useful on google/stackoverflow/mosquitto docs.



      Thank you!










      share|improve this question













      long time reader, first time poster here.



      I am currently trying to set up a MQTT system where I have a central broker (Broker 1) running on a server and requiring TLS encryption and a local broker (Broker 2) which is only accessible in my local network and not requiring any kind of encryption or authentication.
      My „things“ will publish and subscribe to Broker 2 which should be configured as a bridge to Broker 1, so my things can publish and subscripe to topics on Broker 1 without implementing TLS themselves.



      Broker 1 is a Mosquitto instance running on a Cent Os 6 server (my Uberspace) and is configured to require authentication and encryption using a Lets Encrypt certificate.



      Mosquitto.conf:



      port <port>
      persistence true
      persistence_location /home/drparrot/mosquitto/var/lib/mosquitto/
      log_dest topic
      log_type error
      log_type warning
      log_type notice
      log_type information
      certfile /home/drparrot/.config/letsencrypt/live/<url>/cert.pem
      cafile /home/drparrot/.config/letsencrypt/live/<url>//chain.pem
      keyfile /home/drparrot/.config/letsencrypt/live/<url>/ /privkey.pem

      allow_anonymous false

      connection_messages true
      log_timestamp true


      Broker 2 is a mosquitto as well running on a raspberry pi which is connected to my local WiFi.
      It is configured as a bridge to Broker 1.
      mosquitto.conf:



      persistence true
      persistence_location /var/lib/mosquitto/

      log_dest file /var/log/mosquitto/mosquitto.log
      log_type all

      connection uberspace-bridge
      address <url>:<port>
      topic # out 0
      topic # in 0
      clientid <id>
      username <username>
      password <password>
      bridge_capath /etc/ssl/certs/


      When I start Broker 2, I can verify from the logfile, that it tries to connect to Broker 1, but fails with the following message:



      1541447922: Bridge <id> sending CONNECT
      1541447922: OpenSSL Error: error:1417110A:SSL routines:tls_process_server_hello:wrong ssl version
      1541447922: Socket error on client local.<id>, disconnecting.


      However, if I try to connect from the Raspberry Pi hosting Broker 2 to the server hosting Broker 1 via



      openssl s_client -connect <url>:<port> 


      everything works fine, so I guess my certificates are all set up correctly and my open ssl versions on the raspberry and the server match in general. Moreover I am able to connect/publish/subscribe to Broker 1 from my Windows machine using MQTT.fx



      Does anyone can give me hint what I am doing wrong or what I can do to further debug the problem?
      Right now I am pretty stuck, since I am new to SSL/TLS aswell as MQTT and could not find anything useful on google/stackoverflow/mosquitto docs.



      Thank you!







      ssl openssl mqtt iot mosquitto






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 7 at 20:53









      Dr_Parrot

      11




      11





























          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53197641%2fmosquitto-bridge-fails-with-wrong-ssl-version-error%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown






























          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















           

          draft saved


          draft discarded



















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53197641%2fmosquitto-bridge-fails-with-wrong-ssl-version-error%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          這個網誌中的熱門文章

          Xamarin.form Move up view when keyboard appear

          Post-Redirect-Get with Spring WebFlux and Thymeleaf

          Anylogic : not able to use stopDelay()