mosquitto-users team mailing list archive
Message #00313
OpenSSL Error on enabling SSL connections
I want to enable SSL connections for Mosquitto, but it's producing a random
OpenSSL error - I've used my standard ca/server certificates with no luck,
and have regenerated more based on the docs with no change.
The config is pretty standard:
listener 5228 ip_address_here
retry_interval 3
user mosquitto
max_inflight_messages 20
max_queued_messages 200
persistent_client_expiration 1d
log_dest stdout
log_type error warning
connection_messages true
allow_anonymous false
password_file /etc/mosquitto/pass
acl_file /etc/mosquitto/acl
# SSL AUTH
capath /etc/mosquitto/certs/
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
ciphers AES128-SHA
require_certificate true
Mosquitto starts up yet continues to accept non-SSL connections, and an
OpenSSL error message is printed to the logs:
'OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number'
1380459817: mosquitto version 1.2.1 (build date 2013-09-18 21:34:45+0000) starting
1380459817: Config loaded from /etc/mosquitto/mosquitto.conf.
1380459817: Opening ipv4 listen socket on port 5228.
1380459817: Opening ipv4 listen socket on port 5228.
1380459817: New connection from 127.0.0.1 on port 5228.
1380459817: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
1380459817: Socket read error on client (null), disconnecting.
1380459827: New connection from 103.247.154.103 on port 5228.
1380459827: New client connected from 103.247.154.103 as htcuser.6MhAE (c0, k600).
1380459829: New connection from 127.0.0.1 on port 5228.
1380459829: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
1380459829: Socket read error on client (null), disconnecting.
1380459841: New connection from 127.0.0.1 on port 5228.
1380459841: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
1380459841: Socket read error on client (null), disconnecting.
1380459853: New connection from 127.0.0.1 on port 5228.
1380459853: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
1380459853: Socket read error on client (null), disconnecting.
Google isn't particularly helpful here - any ideas? For the record, I'm
running on CentOS 6.3, OpenSSL 1.0.0-fips 29 Mar 2010, Mosquitto 1.2.1.
Regards
-Aidan
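
A small triage script for the log above, added here as an illustration and not part of the original post: it groups the broker's log lines by peer address so that clients failing the TLS handshake stand out from those that connect. OpenSSL reports "wrong version number" when the bytes it reads are not a TLS record of the expected version, which includes a client speaking plain MQTT to a TLS listener; the function names and the attribution heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the log quoted in the post, with the mail client's line wraps rejoined.
SAMPLE_LOG = """\
1380459817: New connection from 127.0.0.1 on port 5228.
1380459817: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
1380459817: Socket read error on client (null), disconnecting.
1380459827: New connection from 103.247.154.103 on port 5228.
1380459827: New client connected from 103.247.154.103 as htcuser.6MhAE (c0, k600).
1380459829: New connection from 127.0.0.1 on port 5228.
1380459829: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
1380459829: Socket read error on client (null), disconnecting.
"""

NEW_CONN = re.compile(r"^\d+: New connection from (\S+) on port \d+\.$")
CONNECTED = re.compile(r"^\d+: New client connected from (\S+) as ")
TLS_ERROR = re.compile(r"^\d+: OpenSSL Error: (.+)$")


def triage(log_text):
    """Tally, per peer address, completed MQTT connects and failed TLS handshakes.

    Heuristic (assumption): an OpenSSL error line carries no peer address, so it
    is charged to the most recent "New connection" line. On a busy broker with
    interleaved connections this can misattribute.
    """
    stats = defaultdict(lambda: {"connected": 0, "tls_failed": 0, "reasons": set()})
    pending, counted = None, False
    for line in log_text.splitlines():
        if m := NEW_CONN.match(line):
            pending, counted = m.group(1), False
        elif m := CONNECTED.match(line):
            stats[m.group(1)]["connected"] += 1
        elif (m := TLS_ERROR.match(line)) and pending:
            entry = stats[pending]
            # The human-readable reason is the last colon-separated field.
            entry["reasons"].add(m.group(1).rsplit(":", 1)[-1])
            if not counted:  # several error lines may belong to one connection
                entry["tls_failed"] += 1
                counted = True
    return dict(stats)


def plaintext_suspects(stats):
    """Peers that never completed a connect and only hit 'wrong version number'."""
    return sorted(peer for peer, s in stats.items()
                  if s["connected"] == 0 and s["reasons"] == {"wrong version number"})


if __name__ == "__main__":
    print("check TLS settings of clients at:", plaintext_suspects(triage(SAMPLE_LOG)))
```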