Hi Aidan, On the broker configuration you can control the tls version using "tls_version" for a listener, or "bridge_tls_version" for a bridge. Clients can configure the tls version using the mosquitto_tls_opts_set() function. The mosquitto_sub/pub clients allow you to do this with --tls-version.
Cheers, Roger On Sun, Sep 29, 2013 at 2:37 PM, Aidan Gill <aid...@gmail.com> wrote: > That would make sense, as OpenSSL 1.0.0 doesn't support TLS v1.1 or v1.2 - > unfortunately being CentOS it's not easy to upgrade, and there doesn't seem > to be an option in mosquitto to choose which TLS to use. > > Regards > Aidan > > > On 30 September 2013 02:15, Karl P <ka...@tweak.net.au> wrote: >> >> >> This is probably tls version mismatches. 1.2.1 ships as tlsv1.2 by >> default, previous versions were tlsv1 >> >> Cheers, >> Karl P >> >> >> >> On 09/29/2013 01:07 PM, Aidan Gill wrote: >>> >>> I want to enable SSL connections for Mosquitto, but it's producing a >>> random >>> OpenSSL error - I've used my standard ca/server certificates with no >>> luck, and >>> have regenerated more based on the docs with no change. >>> >>> The config is pretty standard: >>> >>> >>> listener 5228 ip_address_here >>> >>> retry_interval 3 >>> user mosquitto >>> >>> max_inflight_messages 20 >>> max_queued_messages 200 >>> >>> persistent_client_expiration 1d >>> >>> log_dest stdout >>> log_type error warning >>> >>> connection_messages true >>> allow_anonymous false >>> >>> password_file /etc/mosquitto/pass >>> acl_file /etc/mosquitto/acl >>> >>> # SSL AUTH >>> capath /etc/mosquitto/certs/ >>> cafile /etc/mosquitto/certs/ca.crt >>> certfile /etc/mosquitto/certs/server.crt >>> keyfile /etc/mosquitto/certs/server.key >>> ciphers AES128-SHA >>> require_certificate true >>> >>> >>> Mosquitto starts up yet continues to accept non-SSL connections, and an >>> OpenSSL >>> error message is printed to the logs: >>> >>> 'OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version >>> number' >>> >>> 1380459817: mosquitto version 1.2.1 (build date 2013-09-18 21:34:45+0000) >>> starting >>> 1380459817: Config loaded from /etc/mosquitto/mosquitto.conf. >>> 1380459817: Opening ipv4 listen socket on port 5228. >>> 1380459817: Opening ipv4 listen socket on port 5228. >>> 1380459817: New connection from 127.0.0.1 on port 5228. >>> 1380459817: OpenSSL Error: error:1408F10B:SSL >>> routines:SSL3_GET_RECORD:wrong >>> version number >>> 1380459817: Socket read error on client (null), disconnecting. >>> 1380459827: New connection from 103.247.154.103 on port 5228. >>> 1380459827: New client connected from 103.247.154.103 as htcuser.6MhAE >>> (c0, k600). >>> 1380459829: New connection from 127.0.0.1 on port 5228. >>> 1380459829: OpenSSL Error: error:1408F10B:SSL >>> routines:SSL3_GET_RECORD:wrong >>> version number >>> 1380459829: Socket read error on client (null), disconnecting. >>> 1380459841: New connection from 127.0.0.1 on port 5228. >>> 1380459841: OpenSSL Error: error:1408F10B:SSL >>> routines:SSL3_GET_RECORD:wrong >>> version number >>> 1380459841: Socket read error on client (null), disconnecting. >>> 1380459853: New connection from 127.0.0.1 on port 5228. >>> 1380459853: OpenSSL Error: error:1408F10B:SSL >>> routines:SSL3_GET_RECORD:wrong >>> version number >>> 1380459853: Socket read error on client (null), disconnecting. >>> >>> >>> Google isn't particularly helpful here - any ideas? For the record I'm >>> running >>> on Centos 6.3, OpenSSL 1.0.0-fips 29 Mar 2010, Mosquitto 1.2.1 >>> >>> Regards >>> -Aidan >>> >>> >> >> -- >> Mailing list: https://launchpad.net/~mosquitto-users >> Post to : mosquitto-users@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~mosquitto-users >> More help : https://help.launchpad.net/ListHelp > > > > -- > Mailing list: https://launchpad.net/~mosquitto-users > Post to : mosquitto-users@lists.launchpad.net > Unsubscribe : https://launchpad.net/~mosquitto-users > More help : https://help.launchpad.net/ListHelp > -- Mailing list: https://launchpad.net/~mosquitto-users Post to : mosquitto-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~mosquitto-users More help : https://help.launchpad.net/ListHelp
