This is probably tls version mismatches. 1.2.1 ships as tlsv1.2 by default, previous versions were tlsv1
Cheers, Karl P On 09/29/2013 01:07 PM, Aidan Gill wrote:
I want to enable SSL connections for Mosquitto, but it's producing a random OpenSSL error - I've used my standard ca/server certificates with no luck, and have regenerated more based on the docs with no change. The config is pretty standard: listener 5228 ip_address_here retry_interval 3 user mosquitto max_inflight_messages 20 max_queued_messages 200 persistent_client_expiration 1d log_dest stdout log_type error warning connection_messages true allow_anonymous false password_file /etc/mosquitto/pass acl_file /etc/mosquitto/acl # SSL AUTH capath /etc/mosquitto/certs/ cafile /etc/mosquitto/certs/ca.crt certfile /etc/mosquitto/certs/server.crt keyfile /etc/mosquitto/certs/server.key ciphers AES128-SHA require_certificate true Mosquitto starts up yet continues to accept non-SSL connections, and an OpenSSL error message is printed to the logs: 'OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number' 1380459817: mosquitto version 1.2.1 (build date 2013-09-18 21:34:45+0000) starting 1380459817: Config loaded from /etc/mosquitto/mosquitto.conf. 1380459817: Opening ipv4 listen socket on port 5228. 1380459817: Opening ipv4 listen socket on port 5228. 1380459817: New connection from 127.0.0.1 on port 5228. 1380459817: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number 1380459817: Socket read error on client (null), disconnecting. 1380459827: New connection from 103.247.154.103 on port 5228. 1380459827: New client connected from 103.247.154.103 as htcuser.6MhAE (c0, k600). 1380459829: New connection from 127.0.0.1 on port 5228. 1380459829: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number 1380459829: Socket read error on client (null), disconnecting. 1380459841: New connection from 127.0.0.1 on port 5228. 1380459841: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number 1380459841: Socket read error on client (null), disconnecting. 1380459853: New connection from 127.0.0.1 on port 5228. 1380459853: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number 1380459853: Socket read error on client (null), disconnecting. Google isn't particularly helpful here - any ideas? For the record I'm running on Centos 6.3, OpenSSL 1.0.0-fips 29 Mar 2010, Mosquitto 1.2.1 Regards -Aidan
-- Mailing list: https://launchpad.net/~mosquitto-users Post to : mosquitto-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~mosquitto-users More help : https://help.launchpad.net/ListHelp
