ESP8266 with mosquitto fails TLS handshake

Question

I want to establish a TLS connection from ESP8266 to a mosquitto MQTT Server.

I'm using the Adafruit example INO with WiFiClientSecure, which successfully connects to my Wifi works fine with other MQTT Servers (e.g. iot.eclipse.org:8883)

Just when I'm trying to connect to my own mosquitto instance, it fail In the mosquitto log shows:

OpenSSL Error: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number

My mosquitto.conf looks like this

pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
allow_anonymous false
listener 51883
password_file /etc/mosquitto/pwfile

conf.d contains:

cafile /etc/letsencrypt/live/<my-domain>/fullchain.pem
certfile /etc/letsencrypt/live/<my-domain>/fullchain.pem
keyfile /etc/letsencrypt/live/<my-domain>/privkey.pem

The certificates are generated using let's encrypt- Connection from MQTT-Dash (Adnroid App) works perfectly.

I couldn't figure out which TLS Version the WiFiClientSecure is using or how defne it.

Add the rest of the mosquitto.conf (probably a second file in /etc/mosquitto/conf.d) as there is no TLS configuration in anything you've included there — hardillb
So you don't appear to be limiting the mosquitto side (tls_version), it should support 1.0, 1.1 & 1.2 in default mode. I'd be tempted to workout how to make openssl run in verbose mode or run wireshark to see what is actually getting sent on the wire — hardillb

hardillb hardillb · Accepted Answer · 2017-10-13T18:59:43

Looking at this question asked today it seems you may have to specify a tls_version after all to get things to work

listener 8883
certfile /etc/letsencrypt/live/home.kamidesigns.be/cert.pem
cafile /etc/letsencrypt/live/home.kamidesigns.be/chain.pem
keyfile /etc/letsencrypt/live/home.kamidesigns.be/privkey.pem
tls_version tlsv1.2

ESP8266 with mosquitto fails TLS handshake

1 Answers