PSK TLS does not work with mosquitto broker [message #1852844] Tue, 07 June 2022 10:05
Eclipse UserFriend
I am unable to get PSK TLS to work. PKI TLS works fine so it's not a show stopper for me.

I'm running mosquitto with the following config.

connection_messages true
per_listener_settings true
listener 8883
socket_domain ipv4
psk_hint myfavoriteapple
psk_file /home/teh/hackware/mosquitto/psk.identities
use_identity_as_username false
password_file /home/teh/hackware/mosquitto/tpasswords


mosquitto_sub connects just fine
mosquitto_sub \
-p 8883 \
-i trucker -t home \
--psk `cat ken.psk` \
--psk-identity ken \
-u ken \
-P 'Ar+++4um'


but paho_c_sub with the same cli args fails to connect.
paho_c_sub \
-c ssl://127.0.0.1:8883 \
-i trucker -t home \
--psk `cat ken.psk` \
--psk-identity ken \
-u ken \
-P 'Ar+++4um'


The mosquitto broker says

1654609477: New connection from 127.0.0.1:56552 on port 8883.
1654609477: OpenSSL Error[0]: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1654609477: Client <unknown> disconnected: Protocol error.


Ok, no shared cipher. So I specify ciphers in the mosquitto config. Same as above but with
ciphers RSA-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256


added to the config file. Then, I add the '--ciphers' option to both mosquitto_sub and paho_c_sub. Now both utilities don't work with the same error 'no shared cipher'. Btw, I selected the ciphers from the list printed out by openssl ciphers -s -psk.

I'm going to dig a little into the mosquitto code to see why it works in the first case with no ciphers specified and not the latter. Seems to me either I don't know how to use the utilities or there's some mismatch between paho.mqtt and mosquitto codes when it comes to PSK handling.

I'm tossing this out now in the hopes someone knows the answer. As I said, PKI TLS works so it's not a show stopper, though my initial preference was to use PSK.

One more thing: I wrote my own paho subscriber using the paho c libraries. It has the exact same error: 'no shared ciphers'.
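
A check worth running on a listener configuration like the one in this post, as an added example that is not part of the original post or of the mosquitto or Paho code: RSA-PSK suites (RFC 4279) authenticate the server with an RSA certificate in addition to the PSK, so a listener with psk_file but no certfile/keyfile has nothing to negotiate them with. The function names and the sample config are constructed for illustration.

```python
# Added example (helper names and sample config constructed): lint `ciphers` vs. key material.

# OpenSSL name prefix -> (key exchange family, needs a server certificate?)
PSK_FAMILIES = [
    ("ECDHE-PSK-", "ECDHE_PSK", False),
    ("DHE-PSK-", "DHE_PSK", False),
    ("RSA-PSK-", "RSA_PSK", True),   # RFC 4279: server RSA certificate required
    ("PSK-", "PSK", False),
]

def classify(suite):
    """Return (family, needs_cert) for an OpenSSL TLS <= 1.2 cipher suite name."""
    for prefix, family, needs_cert in PSK_FAMILIES:
        if suite.startswith(prefix):
            return family, needs_cert
    return "NON_PSK", True  # certificate-authenticated (anonymous suites not modelled)

def parse_listener(conf_text):
    """Collect 'key value' options from a single-listener mosquitto.conf fragment."""
    opts = {}
    for line in conf_text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key and not key.startswith("#"):
            opts[key] = value.strip()
    return opts

def lint_ciphers(conf_text):
    """Return (suite, problem) pairs for suites the listener has no key material for."""
    opts = parse_listener(conf_text)
    has_psk = "psk_file" in opts
    has_cert = "certfile" in opts and "keyfile" in opts
    findings = []
    for suite in filter(None, opts.get("ciphers", "").split(":")):
        family, needs_cert = classify(suite)
        if needs_cert and not has_cert:
            findings.append((suite, f"{family} needs certfile/keyfile"))
        elif family != "NON_PSK" and not has_psk:
            findings.append((suite, f"{family} needs psk_file"))
    return findings

# Constructed sample: the listener from the post plus its added ciphers line.
SAMPLE = """listener 8883
psk_hint myfavoriteapple
psk_file /home/teh/hackware/mosquitto/psk.identities
ciphers RSA-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256
"""

if __name__ == "__main__":
    for suite, problem in lint_ciphers(SAMPLE):
        print(f"{suite}: {problem}")
```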



Re: PSK TLS does not work with mosquitto broker [message #1852942 is a reply to message #1852844] Sat, 11 June 2022 16:45
Eclipse UserFriend
One more data point.

I tried openssl s_client to connect to the mosquitto broker with psk. It works! It suggests that the paho mqtt c library's handling of psk tls is faulty or I just don't know the magic sequence of command line options to make it work.

Pki tls works fine.

Re: PSK TLS does not work with mosquitto broker [message #1867494 is a reply to message #1852844] Wed, 26 June 2024 22:57
Eclipse UserFriend
Here to reply:
in paho.mqtt.c version 1.3.13
I use the following command, and it worked!
paho_c_pub -c ssl://<host>:<port> -i <clientId> -t <Topic> --psk <psk_key> --psk-identity <psk_identity> -m <message> --insecure
Need to add --insecure

--insecure avoids the CA hostname problem