Re: [paho-dev] paho and tlsv1.2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [paho-dev] paho and tlsv1.2

From: Romu Hu <huruomu@xxxxxxxxx>
Date: Tue, 28 Oct 2014 09:34:39 +0800
Delivered-to: paho-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/paho-dev>
List-help: <mailto:paho-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/paho-dev>, <mailto:paho-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/paho-dev>, <mailto:paho-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0

It's a mosquitto broker configured to use tlsv1.2. I can connect to thebroker by mosquitto_pub/sub using tlsv1.2.


Thanks
Simon

On 2014/10/27 19:57, Roger Light wrote:

Hi Romu,

Just to check - have you tried checking that your remote host does
support tlsv1.2? You could use:

openssl s_client -tls1_2 -connect host:port -showcerts

If you see certificate information then it accepts tlsv1.2, if you see
an error then no.

Cheers,

Roger


On Mon, Oct 27, 2014 at 10:55 AM, Romu Hu <huruomu@xxxxxxxxx> wrote:

Hi,

I learnt from
http://stackoverflow.com/questions/16531807/android-client-server-on-tls-v1-2
that to use tlsv1.2 I have to enable that on the client socket using
setEnabledProtocols().  Below is the code I use to create tlsv1.2 connection
to mosquitto (using tlsv1.2):

SSLContext context = null;
KeyStore ts = KeyStore.getInstance("bks");
ts.load(getResources().openRawResource(R.raw.test666),
"123456".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ts);
TrustManager[] tm = tmf.getTrustManagers();
context = SSLContext.getInstance("TLSV1.2");
context.init(null, tm, null);
SocketFactory factory = context.getSocketFactory();
conOpt.setSocketFactory(factory);
connection.addConnectionOptions(conOpt);
Connections.getInstance(this).addConnection(connection);
client.connect(conOpt, null, callback);

The above code always hit error:

MqttException (0) - javax.net.ssl.SSLHandshakeException:
javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb97b2970:
Failure in SSL library, usually a protocol error error:1407742E:SSL
routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
(external/openssl/ssl/s23_clnt.c:741 0x9c3c3b11:0x00000000)

Any idea?


Thanks
Romu
_______________________________________________
paho-dev mailing list
paho-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/paho-dev

_______________________________________________
paho-dev mailing list
paho-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/paho-dev

References:
- [paho-dev] paho and tlsv1.2
  - From: Romu Hu
- Re: [paho-dev] paho and tlsv1.2
  - From: Roger Light

Prev by Date: Re: [paho-dev] paho and tlsv1.2
Next by Date: [paho-dev] Patch for sending Gateway Info Messages
Previous by thread: Re: [paho-dev] paho and tlsv1.2
Next by thread: [paho-dev] Patch for sending Gateway Info Messages
Index(es):
- Date
- Thread

Breadcrumbs