Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
Hi Roger,
 
thanks for the help, that changed the situation but did not really help:
 
 
Client side:
 
mosquitto_sub --cafile /home/myuser/CA/all-ca.crt --key /home/myuser/CA/client.key --cert /home/myuser/CA/client.crt  -h 10.0.134.44 -p 8883 -t 'tbbtb' --tls-version tlsv1.2  -d
Unable to connect (8).
 
 
Broker side:
 
1410848100: New connection from 10.0.1.44 on port 8883.
1410848100: OpenSSL Error: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
1410848100: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1410848100: Socket error on client (null), disconnecting.
 
 
 
Thanks!
 
Chris
 
Gesendet: Montag, 15. September 2014 um 17:35 Uhr
Von: "Roger Light" <roger@xxxxxxxxxx>
An: "General development discussions for the mosquitto project" <mosquitto-dev@xxxxxxxxxxx>
Betreff: Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
On Mon, Sep 15, 2014 at 4:18 PM, <leduke4223@xxxxxxx> wrote:

> The client call is:
> mosquitto_sub --key /home/myuser/CA/client.key --cert
> /home/myuser/CA/client.crt -h 10.0.134.44 -p 8883 -t 'fancysub'
> --tls-version tlsv1.2 -d

You aren't setting a CA certificate so the client doesn't know you
want to use TLS (and wouldn't know which hosts to trust even if it was
using TLS. Try adding "--cafile all-ca.crt".

Cheers,

Roger
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
 
 

Back to the top