2
votes

I'm using the Eclipse Paho MQTT C client to connect to a mosquitto broker with TLS using openssl. This is part of my code:

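```c
#include <stdio.h>
#include <stdlib.h>
#include "MQTTClient.h"

/* Placeholder values; the original post does not show them. */
#define ADDRESS  "ssl://broker.example:8883"
#define CLIENTID "ExampleClient"

int main(void)
{
    MQTTClient client;
    MQTTClient_connectOptions conn_opts = MQTTClient_connectOptions_initializer;
    MQTTClient_message pubmsg = MQTTClient_message_initializer;
    MQTTClient_SSLOptions sslOptions = MQTTClient_SSLOptions_initializer;
    MQTTClient_deliveryToken token;
    int rc;

    MQTTClient_create(&client, ADDRESS, CLIENTID,
        MQTTCLIENT_PERSISTENCE_NONE, NULL);

    conn_opts.keepAliveInterval = 20;
    conn_opts.cleansession = 1;

    /* TLS */
    /* 0 = the broker's certificate is not verified against trustStore */
    sslOptions.enableServerCertAuth = 0;
    sslOptions.trustStore = "ca_rsp.crt";
    conn_opts.ssl = &sslOptions;

    if ((rc = MQTTClient_connect(client, &conn_opts)) != MQTTCLIENT_SUCCESS)
    {
        printf("Failed to connect, return code %d\n", rc);
        exit(EXIT_FAILURE);
    }

    /* Release the connection and the client handle before exiting. */
    MQTTClient_disconnect(client, 10000);
    MQTTClient_destroy(&client);
    return 0;
}
```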

Actually every time I reconnect to the broker, the client makes a full handshake. I would like to use TLS session resumption to reduce the overhead. I've searched around the web but I haven't found any example of how to implement that in a simple way.

Any suggestion?

Thanks


3 Answers

0
votes

This came up recently on the mosquitto dev mailing list here: https://dev.eclipse.org/mhonarc/lists/mosquitto-dev/msg01606.html

The following excerpt seems to imply it may not be possible just yet with the code as it is.

How can I use Mosquitto / OpenSSL C API to leverage session tickets in an MQTT C client ?

Not at the moment, this needs code changes that are a bit more involved - it looks like we need to use SSL_set_session() to apply a saved session to your client and SSL_CTX_sess_set_new_cb() to save the session out.

Is there any way I could persist session tickets on the clients, so they would remain valid across reboot ?

With the above changes, yes.

0
votes

Set conn_opts.cleansession = 0. Disabling the cleansession flag in Paho client programs enables session resumption. I have already verified it with Wireshark.

With session resumption, 1st packet transmission:

[image 1]

We can see 4 communications between server and client in image 1, and even certificates are transferred.

With session resumption, screenshot taken for 2nd packet transmission:

[image 2]

Observe both images carefully: there are only 3 communications between server and client in image 2, hence the server negotiates not to perform a full handshake.

Session resumption time limit is 7200 seconds.

But setting the cleansession flag to 1 will always perform a full handshake, which means no session resumption.
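
An added example, not part of the answer above or of Paho or mosquitto: a sketch of the check the Wireshark comparison performs, classifying the server's side of a handshake as full or resumed by whether a Certificate or ServerHelloDone message precedes the first ChangeCipherSpec. It assumes TLS 1.2 or earlier (in TLS 1.3 the certificate is encrypted, so the function reports that case instead); the function names and the sample bytes are constructed for illustration.

```python
import struct

CCS, HANDSHAKE = 20, 22                                   # TLS record content types
SERVER_HELLO, CERTIFICATE, SERVER_HELLO_DONE = 2, 11, 14  # handshake message types

def selects_tls13(hello: bytes) -> bool:
    """True if a ServerHello body carries supported_versions (43) = 0x0304."""
    if len(hello) < 35:
        return False
    pos = 35 + hello[34] + 3          # skip version, random, session_id, cipher, compression
    end = min(len(hello), pos + 2 + int.from_bytes(hello[pos:pos + 2], "big"))
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", hello, pos)
        if etype == 43 and hello[pos + 4:pos + 6] == b"\x03\x04":
            return True
        pos += 4 + elen
    return False

def classify(flight: bytes) -> str:
    """Classify the raw records a server sent at the start of one connection."""
    stream, pos, saw_ccs = b"", 0, False
    while pos + 5 <= len(flight) and not saw_ccs:
        ctype, _version, rlen = struct.unpack_from("!BHH", flight, pos)
        if ctype == HANDSHAKE:        # reassemble: a message may span several records
            stream += flight[pos + 5:pos + 5 + rlen]
        saw_ccs = ctype == CCS        # everything after ChangeCipherSpec is encrypted
        pos += 5 + rlen
    msgs, i = [], 0
    while i + 4 <= len(stream):       # handshake message: type(1) length(3) body
        mlen = int.from_bytes(stream[i + 1:i + 4], "big")
        msgs.append((stream[i], stream[i + 4:i + 4 + mlen]))
        i += 4 + mlen
    if not msgs or msgs[0][0] != SERVER_HELLO:
        return "unknown"
    if selects_tls13(msgs[0][1]):
        return "tls1.3"               # handshake is encrypted; this check does not apply
    if any(t in (CERTIFICATE, SERVER_HELLO_DONE) for t, _ in msgs):
        return "full"
    return "resumed" if saw_ccs else "unknown"

# Constructed sample flights (not taken from the answer's captures).
def record(ctype, body): return struct.pack("!BHH", ctype, 0x0303, len(body)) + body
def msg(htype, body): return bytes([htype]) + len(body).to_bytes(3, "big") + body
HELLO12 = msg(SERVER_HELLO, b"\x03\x03" + bytes(33) + b"\xc0\x2f\x00")
HELLO13 = msg(SERVER_HELLO, b"\x03\x03" + bytes(33) + b"\x13\x01\x00\x00\x06\x00\x2b\x00\x02\x03\x04")
CERT = msg(CERTIFICATE, bytes(600))
FULL = record(HANDSHAKE, HELLO12 + CERT[:300]) + record(HANDSHAKE, CERT[300:] + msg(SERVER_HELLO_DONE, b""))
RESUMED = record(HANDSHAKE, HELLO12) + record(CCS, b"\x01") + record(HANDSHAKE, bytes(40))
TLS13 = record(HANDSHAKE, HELLO13) + record(CCS, b"\x01") + record(23, bytes(64))
```

Feed `classify` the server-to-client bytes of one TCP stream, starting at the first TLS record; a capture cut off before the first ChangeCipherSpec yields "unknown" rather than a guess.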

0
votes

I feel it was a good decision by the Paho people to link the clean session flag with session resumption, because the mosquitto client provided on GitHub lacks this built-in feature of session resumption.

Go through the specification of MQTT v3.1.1.

Or refer to the MQTT specification on their website.