Re: [mqtt] SSL problem with mosquitto and java client

1,117 views

MQTT

Skip to first unread message

Nicholas O'Leary

unread,

Nov 6, 2012, 6:23:41 AM11/6/12

to mq...@googlegroups.com

Hi Arek,

can you post this to the mosquitto or paho mailing lists?

http://mosquitto.org/support/

http://eclipse.org/paho/support.php

This group is for the protocol rather than any specific implementation.

Thanks,

Nick

On 6 November 2012 11:16, arek <arkadius...@gmail.com> wrote:

Hi
I hope I do not spam, but I have not found a good tutorial of using SSL with mosquitto and got stuck on running very simple example. Maybe somebody will be willing to help in that issue. Basing on http://stackoverflow.com/questions/12997559/ssl-connection-from-java-client-eclipse-paho-to-mosquitto-broker-unknown-ca post and http://mosquitto.org/man/mosquitto-tls-7.html I prepared a set of CA, server and client certificates and tried to use them in simple java code:

       System.setProperty("javax.net.debug", "all");

        try {
        MqttClient client = new MqttClient("ssl://localhost:4000", "publisher");
        MqttConnectOptions opts = new MqttConnectOptions();
        try {
            opts.setSocketFactory(getSocketFactory(PATH + File.separator + "ca.crt",
                                                    PATH + File.separator + "client.crt",
                                                    PATH + File.separator + "client.key",
                                                    "aaa"));
        } catch (Exception e1) {
            e1.printStackTrace();
        }
        CallBack callback = new CallBack();
        client.setCallback(callback);
        client.connect(opts);

getSocketFactory method is exactly the same code as in answer for http://stackoverflow.com/questions/12997559/ssl-connection-from-java-client-eclipse-paho-to-mosquitto-broker-unknown-ca topic.

But running of this code causes following error on client side

adding as trusted cert:
Subject: CN=g, OU=f, O=d, L=s, ST=a, C=PL
Issuer: CN=g, OU=f, O=d, L=s, ST=a, C=PL
Algorithm: RSA; Serial number: 0xb5dedcfa933b431b
Valid from Tue Nov 06 09:49:26 CET 2012 until Fri Nov 04 09:49:26 CET 2022

trigger seeding of SecureRandom
done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Thread-0, setSoTimeout(30000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1335352755 bytes = { 145, 55, 195, 211, 68, 153, 188, 20, 64, 208, 102, 237, 220, 204, 248, 15, 23, 253, 121, 102, 11, 224, 119, 68, 240, 68, 35, 51 }
Session ID: {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
[write] MD5 and SHA1 hashes: len = 149
0000: 01 00 00 91 03 01 50 98   DE B3 91 37 C3 D3 44 99 ......P....7..D.
0010: BC 14 40 D0 66 ED DC CC   F8 0F 17 FD 79 66 0B E0 ..@.f.......yf..
0020: 77 44 F0 44 23 33 00 00   2A 00 33 C0 04 00 16 00 wD.D#3..*.3.....
0030: 05 C0 03 C0 11 C0 02 C0   07 C0 13 C0 08 C0 0C 00 ................
0040: FF C0 0D C0 0E C0 09 00   2F C0 12 00 04 00 32 00 ......../.....2.
0050: 13 00 0A 01 00 00 3E 00   0A 00 34 00 32 00 17 00 ......>...4.2...
0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00 ................
0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00 ................
0090: 0B 00 02 01 00                                     .....
Thread-0, WRITE: TLSv1 Handshake, length = 149
[Raw write]: length = 154
0000: 16 03 01 00 95 01 00 00   91 03 01 50 98 DE B3 91 ...........P....
0010: 37 C3 D3 44 99 BC 14 40   D0 66 ED DC CC F8 0F 17 7..D...@.f......
0020: FD 79 66 0B E0 77 44 F0   44 23 33 00 00 2A 00 33 .yf..wD.D#3..*.3
0030: C0 04 00 16 00 05 C0 03   C0 11 C0 02 C0 07 C0 13 ................
0040: C0 08 C0 0C 00 FF C0 0D   C0 0E C0 09 00 2F C0 12 ............./..
0050: 00 04 00 32 00 13 00 0A   01 00 00 3E 00 0A 00 34 ...2.......>...4
0060: 00 32 00 17 00 01 00 03   00 13 00 15 00 06 00 07 .2..............
0070: 00 09 00 0A 00 18 00 0B   00 0C 00 19 00 0D 00 0E ................
0080: 00 0F 00 10 00 11 00 02   00 12 00 04 00 05 00 14 ................
0090: 00 08 00 16 00 0B 00 02   01 00                    ..........
Thread-0, handling exception: java.net.SocketException: Connection reset
Thread-0, SEND TLSv1 ALERT: fatal, description = unexpected_message
Thread-0, WRITE: TLSv1 Alert, length = 2
Thread-0, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
Thread-0, called closeSocket()
MqttException (0) - java.net.SocketException: Connection reset
    at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:35)
    at org.eclipse.paho.client.mqttv3.internal.ClientComms.connect(ClientComms.java:144)
    at org.eclipse.paho.client.mqttv3.MqttClient.connect(MqttClient.java:336)
    at pl.psnc.mqtt.publisher.Publisher.run(Publisher.java:46)
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:189)
    at java.net.SocketInputStream.read(SocketInputStream.java:121)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:312)
    at sun.security.ssl.InputRecord.read(InputRecord.java:350)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:861)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1262)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1289)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1273)
    at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:79)
    at org.eclipse.paho.client.mqttv3.internal.ClientComms.connect(ClientComms.java:134)
    ... 2 more

whereas the mosquitto server ver. 1.0.5 returns:

1352195556: Opening ipv6 listen socket on port 4000.
1352195556: Opening ipv4 listen socket on port 4000.
1352195562: New connection from 127.0.0.1.
1352195562: Socket read error on client (null), disconnecting.

The config for mosquitto server:
cafile E:\rasp_certyfikaty\ca.crt
certfile E:\rasp_certyfikaty\server.crt
keyfile E:\rasp_certyfikaty\server.key
require_certificate true
use_identity_as_username true

listener 4000
max_connections -1

log_dest stdout

log_type error
log_type warning
log_type notice
log_type information
log_type debug
connection_messages true
log_timestamp true

Both client and server run on windows 7, client uses java jdk 1.7

Maybe someone dealt with such a problem and can provide any hint how to solve this? I will be very grateful

best regards,
arek

--
--
To learn more about MQTT please visit http://mqtt.org

To post to this group, send email to mq...@googlegroups.com
To unsubscribe from this group, send email to
mqtt+uns...@googlegroups.com

For more options, visit this group at
http://groups.google.com/group/mqtt

Reply all

Reply to author

Forward

0 new messages