Roger,

I think I found the answer in reading some documentation for BearSSL.

mosquitto is configured to require a certificate from each client. This allows it to verify the identity of the client and alleviates the need for user name/password logins for each device. It's quite convenient as there's one less thing to manage.
The authentication process works like this:

  1. Broker (mosquitto) requests and receives a cert from the device.
  2. Broker verifies the cert has a valid signature from the local root CA (the root CA file is declared in mosquitto.conf).
  3. Device must prove it has the private key for the cert, by providing a signature over an implicitly agreed amount of prior TLS traffic.

The problem is step 3. Signing data is not a permitted use of the X25519 key pair, so the device has no way to prove that it has the private key.
      
I think this might work if mosquitto is configured to NOT require a certificate from each device, but then user name/password logins would be required for security and that's another system management headache. I'm not going to attempt that...not worth the trouble.
      
    
    
On 4/20/2022 12:24 AM, Roger Light wrote:

      Hi,
The easy answer is that I don't know.
More usefully, I would suggest trying to use the "openssl s_client"
and "openssl s_server" tools to reproduce your setup and see if that
works or gives you any more information on why it doesn't work.
Cheers,
Roger
On Tue, 19 Apr 2022 at 16:26, aweatherguy <wsdl@xxxxxxxxxx> wrote:
      
        
I hope this is the proper mailing list for this issue. I looked for a users list but couldn't find one. Let me know if this belongs elsewhere.
Having a problem trying to use X25519 with mosquitto broker. A client device (Tasmota) has been configured with a certificate that contains an X25519 public key, and an RSA signature. The broker is configured with "cafile" matching the signature on the device certificate.
A Wireshark capture of the initial TLS connection looks okay with Client and Server Hello packets, but I don't have the expertise to do a deep dive into these packets to say for certain that all is okay. However, I do see the device's Client Hello packet advertising the expected cipher suite (ECDHE_RSA_WITH_AES_128_GCM_SHA256), and the expected public key type (X25519).
The Mosquitto broker logs a message "New connection from <ip address> on port 8883".
For some reason the Client-Hello/Server-Hello exchange happens twice, and then Mosquitto prints this error from the OpenSSL library:
    tls_process_cert_verify: signature for non signing certificate
My only guess here is that the error happens because X25519 cannot be used for signing -- only key exchange...but the actual signature on the certificate is an RSA signature from a self-signed root CA that is configured into the broker via "cafile".
Can anyone help me with this? I can provide the broker log text and Wireshark pcap files if that will help any...
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev
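Added example, not part of the thread and not mosquitto, BearSSL or Tasmota code: a stdlib-only Python checker for the situation described above. It reads a client certificate (PEM or DER), walks the DER to the subjectPublicKeyInfo, and reports whether the key algorithm is one that can produce the TLS CertificateVerify signature a broker with `require_certificate true` expects. X25519/X448 are key-agreement-only algorithms (RFC 8410), so they come back as unable to sign; RSA, ECDSA and Ed25519 keys can. The certificates it runs on by default are constructed inline with a small DER encoder, with dummy key bytes and a dummy signature; they are not real certificates and have no CA behind them. Pass a real certificate path as the first argument to check a device cert before provisioning it.

```python
"""Check whether the public key in a client certificate can sign the TLS
CertificateVerify message (needed for mosquitto's require_certificate)."""
import base64
import re
import sys

# subjectPublicKeyInfo algorithm OIDs: RFC 3279 (RSA, EC), RFC 8410 (25519/448).
# X25519/X448 certs carry a keyAgreement-only key, so the TLS stack has
# nothing to sign CertificateVerify with; the broker rejects the handshake.
KEY_ALGORITHMS = {
    "1.2.840.113549.1.1.1": ("RSA", True),
    "1.2.840.10045.2.1":    ("EC (ECDSA)", True),
    "1.3.101.112":          ("Ed25519", True),
    "1.3.101.113":          ("Ed448", True),
    "1.3.101.110":          ("X25519", False),
    "1.3.101.111":          ("X448", False),
}
SEQ, INT, BITSTR, OID, NULL, UTCTIME, CTX0 = 0x30, 0x02, 0x03, 0x06, 0x05, 0x17, 0xA0


def _read_tlv(buf, off):
    """Decode one DER TLV at buf[off]; return (tag, value, next_offset)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length


def _children(value):
    """Yield (tag, value) for each TLV inside a constructed DER value."""
    off = 0
    while off < len(value):
        tag, val, off = _read_tlv(value, off)
        yield tag, val


def decode_oid(raw):
    """DER OID content bytes -> dotted string, e.g. 2b 65 6e -> '1.3.101.110'."""
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def encode_oid(dotted):
    """Dotted OID string -> DER content bytes (inverse of decode_oid)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk, arc = [arc & 0x7F], arc >> 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def der(tag, content):
    """Encode one DER TLV with short- or long-form length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def load_certificate(data):
    """Accept PEM or DER certificate bytes and return DER."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data


def certificate_spki(cert_der):
    """Return (key algorithm OID, named-curve OID or None) from the certificate."""
    _, cert, _ = _read_tlv(cert_der, 0)
    tbs = next(_children(cert))[1]
    fields = [v for t, v in _children(tbs) if t != CTX0]   # drop optional [0] version
    spki = fields[5]           # serial, signature, issuer, validity, subject, SPKI
    alg_id = next(_children(spki))[1]
    parts = list(_children(alg_id))
    curve = decode_oid(parts[1][1]) if len(parts) > 1 and parts[1][0] == OID else None
    return decode_oid(parts[0][1]), curve


def check_client_cert(cert_der):
    """Return (algorithm name, can_sign): can this key complete CertificateVerify?"""
    oid, _ = certificate_spki(cert_der)
    return KEY_ALGORITHMS.get(oid, ("unknown OID " + oid, False))


def fake_certificate(key_oid, key_bytes, curve_oid=None):
    """Constructed test input: a syntactically valid X.509 v3 shell around the
    given key. Dummy signature, empty names, no real CA; not usable with TLS."""
    params = der(OID, encode_oid(curve_oid)) if curve_oid else b""
    spki = der(SEQ, der(SEQ, der(OID, encode_oid(key_oid)) + params)
               + der(BITSTR, b"\x00" + key_bytes))
    name, validity = der(SEQ, b""), der(SEQ, der(UTCTIME, b"220101000000Z") * 2)
    sig_alg = der(SEQ, der(OID, encode_oid("1.2.840.113549.1.1.11")) + der(NULL, b""))
    tbs = der(SEQ, der(CTX0, der(INT, b"\x02")) + der(INT, b"\x01")
              + sig_alg + name + validity + name + spki)
    return der(SEQ, tbs + sig_alg + der(BITSTR, b"\x00" + bytes(32)))


# Constructed sample certs (dummy key bytes, labelled as such above).
X25519_CERT = fake_certificate("1.3.101.110", bytes(range(32)))
P256_CERT = fake_certificate("1.2.840.10045.2.1", b"\x04" + bytes(64), "1.2.840.10045.3.1.7")
ED25519_CERT = fake_certificate("1.3.101.112", bytes(32))
X25519_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(X25519_CERT)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            samples = [(sys.argv[1], load_certificate(f.read()))]
    else:
        samples = [("X25519", X25519_CERT), ("P-256", P256_CERT), ("Ed25519", ED25519_CERT)]
    for label, cert in samples:
        name, ok = check_client_cert(cert)
        print(f"{label}: key={name}, can sign CertificateVerify={ok}")
```

The practical consequence for the setup in the thread: the X25519 group advertised in the Client Hello belongs to the ephemeral ECDHE key exchange and is independent of the key inside the client certificate, so the certificate can be re-issued with a signing-capable key (ECDSA P-256 is the usual choice for constrained devices) without changing the cipher suite, and `require_certificate` can stay on.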