Mosquitto Bridge fails with wrong ssl version error
Long-time reader, first-time poster here.
I am currently trying to set up an MQTT system where I have a central broker (Broker 1) running on a server and requiring TLS encryption and a local broker (Broker 2) which is only accessible in my local network and not requiring any kind of encryption or authentication.
My „things“ will publish and subscribe to Broker 2, which should be configured as a bridge to Broker 1, so my things can publish and subscribe to topics on Broker 1 without implementing TLS themselves.
Broker 1 is a Mosquitto instance running on a CentOS 6 server (my Uberspace) and is configured to require authentication and encryption using a Let's Encrypt certificate.
Mosquitto.conf:
port <port>
persistence true
persistence_location /home/drparrot/mosquitto/var/lib/mosquitto/
log_dest topic
log_type error
log_type warning
log_type notice
log_type information
certfile /home/drparrot/.config/letsencrypt/live/<url>/cert.pem
cafile /home/drparrot/.config/letsencrypt/live/<url>/chain.pem
keyfile /home/drparrot/.config/letsencrypt/live/<url>/privkey.pem
allow_anonymous false
connection_messages true
log_timestamp true
Broker 2 is a Mosquitto instance as well, running on a Raspberry Pi which is connected to my local WiFi.
It is configured as a bridge to Broker 1.
mosquitto.conf:
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
log_type all
connection uberspace-bridge
address <url>:<port>
topic # out 0
topic # in 0
clientid <id>
username <username>
password <password>
bridge_capath /etc/ssl/certs/
When I start Broker 2, I can verify from the logfile that it tries to connect to Broker 1, but fails with the following message:
1541447922: Bridge <id> sending CONNECT
1541447922: OpenSSL Error: error:1417110A:SSL routines:tls_process_server_hello:wrong ssl version
1541447922: Socket error on client local.<id>, disconnecting.
However, if I try to connect from the Raspberry Pi hosting Broker 2 to the server hosting Broker 1 via
openssl s_client -connect <url>:<port>
everything works fine, so I guess my certificates are all set up correctly and my OpenSSL versions on the Raspberry Pi and the server match in general. Moreover, I am able to connect/publish/subscribe to Broker 1 from my Windows machine using MQTT.fx.
Can anyone give me a hint as to what I am doing wrong or what I can do to further debug the problem?
Right now I am pretty stuck, since I am new to SSL/TLS as well as MQTT and could not find anything useful on Google/Stack Overflow/Mosquitto docs.
Thank you!
ssl openssl mqtt iot mosquitto
asked Nov 7 at 20:53
Dr_Parrot
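One way to debug this further, as an added example that is not part of the original post: force one TLS protocol version per connection attempt and see which ones Broker 1 accepts. It assumes bash, awk and the `openssl` CLI on the Raspberry Pi; the function names and the two sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: which TLS protocol versions does a broker listener accept?
# Function names and the sample outputs are constructed for illustration.

# Read `openssl s_client` output on stdin and print the negotiated protocol
# (e.g. "TLSv1.2"), or "none" when no handshake completed. A failed handshake
# can still print a Protocol line, so the cipher is checked as well.
handshake_result() {
  awk -F': *' '
    /^ *Protocol *:/ { proto = $2 }
    /^ *Cipher *:/   { cipher = $2 }
    END {
      gsub(/[ \r]/, "", proto); gsub(/[ \r]/, "", cipher)
      ok = (proto != "" && cipher != "" && cipher != "0000" && cipher != "(NONE)")
      print (ok ? proto : "none")
    }'
}

# Force one protocol version per attempt against host:port. A plain
# `openssl s_client -connect` negotiates the best common version, so it can
# succeed while a client pinned to a single version is refused.
# A flag the local OpenSSL build does not support also reports "none".
probe_tls_versions() {
  local hostport=$1 flag out
  for flag in -tls1 -tls1_1 -tls1_2; do
    out=$(openssl s_client -connect "$hostport" "$flag" </dev/null 2>/dev/null) || true
    printf '%-8s %s\n' "$flag" "$(printf '%s\n' "$out" | handshake_result)"
  done
}

# Constructed s_client excerpts: a completed and a refused handshake.
SAMPLE_OK='SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA'
SAMPLE_FAIL='New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000'

# Usage: ./probe.sh <host>:<port>   (needs network access to the broker)
if [ -n "${1:-}" ]; then probe_tls_versions "$1"; fi
```

In mosquitto.conf the protocol version is pinned with `bridge_tls_version` on the bridge side and `tls_version` on the listener side, so the probe result can be compared against both. That a version mismatch is the cause here is an assumption to test, not something the post confirms.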