Question

I am trying to use SSL with MQTT and get the following error:

    1379677998: Client connection from 127.0.0.1 failed: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number.
    1379678058: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
    1379678058: Socket read error on client (null), disconnecting.

My conf file has settings as below:

    port 8883
    # also tried all-ca.crt here
    cafile /home/administrator/Downloads/mosquitto-1.2.1_dilip/test/ssl/test-root-ca.crt
    certfile /home/administrator/Downloads/mosquitto-1.2.1_dilip/test/ssl/server.crt
    keyfile /home/administrator/Downloads/mosquitto-1.2.1_dilip/test/ssl/server.key
    tls_version tlsv1
    # tried commenting this out too
    require_certificate true

and I run 08-ssl-connect-cert-auth.test from the test folder. Code snippet included below:

    mosquitto_tls_opts_set(mosq, 1, "tlsv1", NULL);
    mosquitto_tls_set(mosq, "../ssl/test-root-ca.crt", "../ssl/certs", "../ssl/client.crt", "../ssl/client.key", NULL);
    mosquitto_connect_callback_set(mosq, on_connect);
    mosquitto_disconnect_callback_set(mosq, on_disconnect);

    rc = mosquitto_connect(mosq, "localhost", 8883, 60);

Environment info:

Python 2.7.3
OpenSSL 1.0.1 14 Mar 2012
Description:    Ubuntu 12.04.2 LTS
Release:    12.0
mosquitto-1.2.1/mosquitto-1.2

Please let me know what could go wrong here? I also tried generating certificates using gen.sh.

Thanks in advance.

-Dilip


Solution

On a general note - you should be generating your own certificates, don't use the ones provided by mosquitto for testing, or use the gen.sh script without modifying it for your own details.

To use the certificates provided, you should be using all-ca.crt in the broker. It contains the example root CA and intermediary CA certificates. The client only requires the root CA for verification purposes.

You are using a full path to the certificates in the broker configuration, but relative paths in the client. Are you sure that they are both correct?

Have you tried running the tests unmodified with make test? This would tell you if there is a problem with your openssl installation for example.
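
The path question raised in the answer can be checked before the client ever calls mosquitto_tls_set. The following is an added example, not code from the original post or from the mosquitto project: it resolves the four relative paths from the question's client snippet against the current working directory and reports any that are missing or unreadable. The helper names resolve_tls_path and check_tls_paths are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* for realpath() */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not a libmosquitto function: resolve `path` against
 * the current working directory, as the OS does for a relative path, and
 * confirm it is readable. Returns 0 or the errno of the failed step. */
static int resolve_tls_path(const char *path, char *resolved, size_t len)
{
    char buf[PATH_MAX];
    if (realpath(path, buf) == NULL)
        return errno;   /* e.g. ENOENT when run from the wrong directory */
    if (access(buf, R_OK) != 0)
        return errno;   /* e.g. EACCES on a key file owned by another user */
    if (resolved != NULL && len > 0)
        snprintf(resolved, len, "%s", buf);
    return 0;
}

/* Report every path and return how many cannot be used. */
static int check_tls_paths(const char *const paths[], size_t n)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++) {
        char full[PATH_MAX];
        int err = resolve_tls_path(paths[i], full, sizeof full);
        if (err != 0) {
            fprintf(stderr, "FAIL %s: %s\n", paths[i], strerror(err));
            bad++;
        } else {
            printf("ok   %s -> %s\n", paths[i], full);
        }
    }
    return bad;
}

int main(void)
{
    /* The four relative paths from the client snippet in the question. */
    const char *const paths[] = {
        "../ssl/test-root-ca.crt", "../ssl/certs",
        "../ssl/client.crt", "../ssl/client.key",
    };
    return check_tls_paths(paths, sizeof paths / sizeof paths[0]) ? 1 : 0;
}
```

Run it from the same directory the test client is started in; the printed absolute paths can then be compared with the full paths in the broker configuration.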

Licensed under: CC-BY-SA with attribution