Connecting to MQTT over TLS


Amithpn

Jul 28, 2017, 2:14:24 AM
to rabbitmq-users
Hi,

I am unable to connect to MQTT over TLS on port 8883 using the MQTTBox client. What might be the issue with this client? I observe the URL identifier going as mqtts if I try to connect over TLS using this client.

In the rabbit.config file, I have added this under rabbit:
{ssl_options, [{cacertfile,           "/etc/rabbitmq/CA_CERT_SHA256"},
               {certfile,             "/etc/rabbitmq/mfussip02.iot.nokia.com.crt"},
               {keyfile,              "/etc/rabbitmq/mfussip02.iot.nokia.com.key"},
               {verify,               verify_peer},
               {fail_if_no_peer_cert, false},
               {versions,             ['tlsv1.2', 'tlsv1.1']}]},

and this under mqtt:
{tcp_listeners, [1883]},
{ssl_listeners, [8883]}

This works well with a Java client, which uses ssl as the URL identifier for TLS and sets the SslContext to TLS protocol version v1.1/v1.2, but not with the MQTTBox client, which uses mqtts as the URL identifier when it tries to connect. Which identifiers does RabbitMQ support for MQTT?

Please suggest what I'm doing wrong. Thanks in advance.

Michael Klishin

Jul 28, 2017, 11:19:42 AM
to rabbitm...@googlegroups.com
Please start with this TLS troubleshooting guide:

--
MK

Staff Software Engineer, Pivotal/RabbitMQ

Amithpn

Aug 3, 2017, 2:24:47 AM
to rabbitmq-users
I'm getting the error below now:

=ERROR REPORT==== 3-Aug-2017::02:13:56 ===
** Generic server <0.31777.12> terminating
** Last message in was {inet_async,
                           {sslsocket,
                               {gen_tcp,#Port<0.64900>,tls_connection,
                                   <0.1000.0>},
                               <0.31774.12>},
                           #Ref<0.0.524290.226279>,
                           {ok,<<16,77,0,4,77,81,84,84,4,194,0,10,0,49,100,
                                 100,99,49,57,55,99,98,45,53,56,49,97,45,52,
                                 102,97,57,45,97,49,55,56,45,54,55,50,52,53,
                                 99,48,100,99,52,99,57,49,53,48,49,55,52,48,
                                 56,50,54,51,53,55,0,6,99,100,112,99,100,112,
                                 0,6,99,100,112,99,100,112>>}}
** When Server state == {state,
                         {sslsocket,
                          {gen_tcp,#Port<0.64900>,tls_connection,<0.1000.0>},
                          <0.31774.12>},
                         "135.250.128.55:60446 -> 10.10.5.215:8883",true,
                         false,running,
                         {none,none},
                         <0.31776.12>,false,none,
                         {proc_state,
                          {sslsocket,
                           {gen_tcp,#Port<0.64900>,tls_connection,<0.1000.0>},
                           <0.31774.12>},
                          {dict,0,16,16,8,80,48,
                           {[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]},
                           {{[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],
                             []}}},
                          {undefined,undefined},
                          {0,nil},
                          {0,nil},
                          undefined,1,undefined,undefined,undefined,
                          {undefined,undefined},
                          undefined,<<"amq.topic">>,none,undefined,undefined,
                          #Fun<rabbit_mqtt_processor.0.25248692>}}
** Reason for termination ==
** {{badmatch,{cipher_suite,{ecdhe_rsa,aes_128_gcm,null,sha256}}},
    [{amqp_direct_connection,ssl_info,1,
                             [{file,"src/amqp_direct_connection.erl"},
                              {line,197}]},
     {amqp_direct_connection,maybe_ssl_info,1,
                             [{file,"src/amqp_direct_connection.erl"},
                              {line,189}]},
     {amqp_direct_connection,socket_adapter_info,2,
                             [{file,"src/amqp_direct_connection.erl"},
                              {line,185}]},
     {rabbit_mqtt_processor,process_login,4,
                            [{file,"src/rabbit_mqtt_processor.erl"},
                             {line,421}]},
     {rabbit_mqtt_processor,process_request,3,
                            [{file,"src/rabbit_mqtt_processor.erl"},
                             {line,86}]},
     {rabbit_mqtt_reader,process_received_bytes,2,
                         [{file,"src/rabbit_mqtt_reader.erl"},{line,238}]},
     {gen_server2,handle_msg,2,[{file,"src/gen_server2.erl"},{line,1049}]},
     {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,247}]}]}

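My rabbitmq.config file SSL changes are as below:
[
 %% TLS settings in the rabbit section; the MQTT TLS listener uses them too.
 {rabbit, [
   {ssl_options, [{cacertfile,           "/etc/rabbitmq/CA_CERT_SHA256"},
                  {certfile,             "/etc/rabbitmq/mfussip02.iot.nokia.com.crt"},
                  {keyfile,              "/etc/rabbitmq/mfussip02.iot.nokia.com.key"},
                  %% A client certificate is verified if presented,
                  %% but clients without one are still accepted.
                  {verify,               verify_peer},
                  {fail_if_no_peer_cert, false},
                  {versions,             ['tlsv1.2', 'tlsv1.1']}]}
 ]},
 %% MQTT plugin: plain TCP on 1883, TLS on 8883.
 {rabbitmq_mqtt, [
   {tcp_listeners, [1883]},
   {ssl_listeners, [8883]}
 ]}
].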


Appreciate your help.


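Added example (not part of any post in this thread, and not RabbitMQ code): in a crash report like the one above, the {ok,<<...>>} term under "Last message in" is the decrypted MQTT CONNECT packet, which carries username and password fields when the corresponding connect flags are set, so it is worth scrubbing before a report is shared. The Python below decodes such a packet with credential values masked and strips numeric binary literals from a report. The sample report, client id and credentials are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like a "Last message in" term; the client id
# ("demo-client"), username ("alice") and password ("s3cret") are made up.
SAMPLE_REPORT = """** Last message in was {inet_async,
    {sslsocket,{gen_tcp,#Port<0.1>,tls_connection,<0.2.0>},<0.3.0>},#Ref<0.0.1.1>,
    {ok,<<16,38,0,4,77,81,84,84,4,194,0,10,0,11,100,101,109,111,45,99,108,
          105,101,110,116,0,5,97,108,105,99,101,0,6,115,51,99,114,101,116>>}}"""
BINARY = re.compile(r"<<(\s*\d[\d,\s]*)>>")  # numeric binaries, not <<"text">>

def erlang_binaries(text):
    """Return every numeric <<...>> literal in text as a bytes object."""
    return [bytes(int(n) for n in m.group(1).split(","))
            for m in BINARY.finditer(text)]

def read_field(buf, pos):
    """Read a 2-byte big-endian length and that many bytes of data."""
    end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")
    return buf[pos + 2:end], end

def summarize_connect(packet):
    """Decode an MQTT 3.1.1 CONNECT packet, masking credential values."""
    if packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    remaining, pos = 0, 1
    while True:  # remaining length: 7 bits per byte, high bit means more
        remaining |= (packet[pos] & 0x7F) << (7 * (pos - 1))
        pos += 1
        if packet[pos - 1] < 0x80:
            break
    if remaining != len(packet) - pos:
        raise ValueError("length field does not match packet size")
    proto, pos = read_field(packet, pos)
    level, flags = packet[pos], packet[pos + 1]
    keepalive = int.from_bytes(packet[pos + 2:pos + 4], "big")
    client_id, pos = read_field(packet, pos + 4)
    if flags & 0x04:  # will flag: skip will topic and will message
        pos = read_field(packet, read_field(packet, pos)[1])[1]
    info = {"protocol": proto.decode(), "level": level, "keepalive": keepalive,
            "client_id": client_id.decode(), "username": None, "password": None}
    for bit, name in ((0x80, "username"), (0x40, "password")):
        if flags & bit:
            value, pos = read_field(packet, pos)
            info[name] = "<redacted, %d bytes>" % len(value)
    return info

def scrub(report):
    """Replace each numeric binary literal in a report with a placeholder."""
    return BINARY.sub("<<binary removed>>", report)
```

Running scrub() over a report before posting keeps the termination reason and stack trace, which is what the diagnosis relies on, while dropping the packet contents.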

Michael Klishin

Aug 3, 2017, 7:50:38 AM
to rabbitm...@googlegroups.com
What version of RabbitMQ is it with? I don't see why {} would not match
what's on the line in question in stable:

There was an issue around cipher suite format matching in 3.6.0 that was addressed in 3.6.2:


Amithpn

Aug 4, 2017, 3:46:22 AM
to rabbitmq-users
I will update to the latest RMQ v3.6.10, and I have already installed Erlang 19.3. I hope this issue is resolved for me after the update.

Thanks for the help

Amithpn

Aug 7, 2017, 11:29:12 AM
to rabbitmq-users
After updating RMQ to v3.6.10 and Erlang 19.3, it worked for me.

Thanks for the timely support MK