New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DHE cipher suites does not work #1476
Comments
How did you solve that? |
Well, I haven't, this is still a problem.. |
I'm having this problem too while attempting to connect using MQTT Explorer. It connects works perfectly to connect from a Win Server2012R2 (build 9600) but when connecting from my Win10 machine (1909, build 18363.657) I get the same error shown above. Excerpt from my mosquitto.log:
Mosquitto config is setup for certificates only, and I used the exact same certs copied from one machine to the other. Mosquitto (1.6.8-0mosquitto1~buster1) installed on Ubuntu server (Linux version 4.15.0-46-generic (buildd@lgw01-amd64-038) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) |
Have this issue too and seems, it is just mosquitto error. As host, using Ubuntu 16.04, installed only official deb packages mosquitto version 1.4.8 (build date Tue, 18 Jun 2019) Issue consists in: Alert message from MQTT server instead of sending Server Hello packet. MQTT broker prints errors in the console:
In the same time, client and broker have shared cipher suite (in my case - 0x006B), this is seen from Client Hello message and options in the mosquitto config. Please check mosquitto config, it uses the same files and settings:
For connections, used openssl client: Results of testing: |
This meant ciphers using DHE couldn't be used. Closes eclipse#1925. Closes eclipse#1476. Thanks to Jonathan Sönnerup, Valerii Demeshko, and sectokia.
This meant ciphers using DHE couldn't be used. Closes eclipse#1925. Closes eclipse#1476. Thanks to Jonathan Sönnerup, Valerii Demeshko, and sectokia.
when limiting the cipher suites to some DHE suite, e.g.,
DHE-PSK-AES256-CCM
DHE-PSK-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
,mosquitto logs the following error message:
Using any of the ECDHE suites, there is no problem. The problem arises for PKI aswell.
mosquitto.conf:
Testing both with the
mosquitto_pub
command aswell as running an MQTT client on an ESP32 results in the same error.mosquitto version 1.4.10 on debian.
EDIT:
verified that the problem occurs with mosquitto version 1.6.7 too.
The text was updated successfully, but these errors were encountered: