mosquitto-users team mailing list archive

Re: OpenSSL Error on enabling SSL connections

 

That would make sense, as OpenSSL 1.0.0 doesn't support TLS v1.1 or v1.2 -
unfortunately being CentOS it's not easy to upgrade, and there doesn't seem
to be an option in mosquitto to choose which TLS to use.

Regards
Aidan


On 30 September 2013 02:15, Karl P <karlp@xxxxxxxxxxxx> wrote:

>
> This is probably TLS version mismatches. 1.2.1 ships as tlsv1.2 by
> default; previous versions were tlsv1.
>
> Cheers,
> Karl P
>
>
>
> On 09/29/2013 01:07 PM, Aidan Gill wrote:
>
>> I want to enable SSL connections for Mosquitto, but it's producing a random
>> OpenSSL error - I've used my standard ca/server certificates with no luck,
>> and have regenerated more based on the docs with no change.
>>
>> The config is pretty standard:
>>
>>
>> listener 5228 ip_address_here
>>
>> retry_interval 3
>> user mosquitto
>>
>> max_inflight_messages 20
>> max_queued_messages 200
>>
>> persistent_client_expiration 1d
>>
>> log_dest stdout
>> log_type error warning
>>
>> connection_messages true
>> allow_anonymous false
>>
>> password_file /etc/mosquitto/pass
>> acl_file /etc/mosquitto/acl
>>
>> # SSL AUTH
>> capath /etc/mosquitto/certs/
>> cafile /etc/mosquitto/certs/ca.crt
>> certfile /etc/mosquitto/certs/server.crt
>> keyfile /etc/mosquitto/certs/server.key
>> ciphers AES128-SHA
>> require_certificate true
>>
>>
>> Mosquitto starts up yet continues to accept non-SSL connections, and an
>> OpenSSL error message is printed to the logs:
>>
>> 'OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number'
>>
>> 1380459817: mosquitto version 1.2.1 (build date 2013-09-18 21:34:45+0000) starting
>> 1380459817: Config loaded from /etc/mosquitto/mosquitto.conf.
>> 1380459817: Opening ipv4 listen socket on port 5228.
>> 1380459817: Opening ipv4 listen socket on port 5228.
>> 1380459817: New connection from 127.0.0.1 on port 5228.
>> 1380459817: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>> 1380459817: Socket read error on client (null), disconnecting.
>> 1380459827: New connection from 103.247.154.103 on port 5228.
>> 1380459827: New client connected from 103.247.154.103 as htcuser.6MhAE (c0, k600).
>> 1380459829: New connection from 127.0.0.1 on port 5228.
>> 1380459829: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>> 1380459829: Socket read error on client (null), disconnecting.
>> 1380459841: New connection from 127.0.0.1 on port 5228.
>> 1380459841: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>> 1380459841: Socket read error on client (null), disconnecting.
>> 1380459853: New connection from 127.0.0.1 on port 5228.
>> 1380459853: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>> 1380459853: Socket read error on client (null), disconnecting.
>>
>>
>> Google isn't particularly helpful here - any ideas? For the record I'm
>> running on CentOS 6.3, OpenSSL 1.0.0-fips 29 Mar 2010, Mosquitto 1.2.1
>>
>> Regards
>> -Aidan
>>
>>
>>
>
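
Added example, not part of the original thread and not mosquitto's own code: a small triage script for a broker log in the format quoted above, which rejoins mail-wrapped entries and counts, per source address, completed sessions against OpenSSL handshake errors. The sample log is constructed; 192.0.2.10, sample-client and the function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the log format quoted in the thread, including the
# mail-wrapped OpenSSL entry; 192.0.2.10 and sample-client are placeholders.
SAMPLE_LOG = """\
1380459817: New connection from 127.0.0.1 on port 5228.
1380459817: OpenSSL Error: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong
version number
1380459817: Socket read error on client (null), disconnecting.
1380459827: New connection from 192.0.2.10 on port 5228.
1380459827: New client connected from 192.0.2.10 as sample-client (c0, k600).
1380459829: New connection from 127.0.0.1 on port 5228.
1380459829: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
1380459829: Socket read error on client (null), disconnecting.
"""

ENTRY = re.compile(r"^\d{9,}: (.*)$")
NEW_CONN = re.compile(r"New connection from (\S+) on port \d+\.")
CONNECTED = re.compile(r"New client connected from (\S+) as \S+")
TLS_ERR = re.compile(r"OpenSSL Error: error:[0-9A-Fa-f]{8}:(.+)")

def unwrap(text):
    """Rejoin wrapped entries: a line with no leading epoch timestamp
    continues the previous entry. Leading '>' quote marks are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Count sessions and TLS errors per source address. Assumption: an error
    belongs to the latest 'New connection' entry (true for sequential logs)."""
    stats = defaultdict(lambda: {"connected": 0, "tls_errors": Counter()})
    last_peer = None
    for entry in unwrap(text):
        msg = ENTRY.match(entry).group(1)
        if m := NEW_CONN.search(msg):
            last_peer = m.group(1)
        elif m := CONNECTED.search(msg):
            stats[m.group(1)]["connected"] += 1
        elif (m := TLS_ERR.search(msg)) and last_peer:
            stats[last_peer]["tls_errors"][m.group(1)] += 1
    return stats
```

Calling summarize() on the broker's log shows which peers complete a session and which only ever produce handshake errors, which narrows a suspected protocol mismatch to specific clients.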
