no shared cipher with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) #2902

AndreKR · 2023-09-24T04:09:49Z

I'm connecting to Mosquitto from an ESP32 using the BearSSL library. This is the Client Hello:

Mosquitto logs:

error:140260C1:SSL routines:ACCEPT_SR_CLNT_HELLO:no shared cipher.

In my config I set

tls_version tlsv1.2
ciphers ECDHE-RSA-AES128-GCM-SHA256

but it doesn't help.

Mosquitto version 2.0.18 (Docker eclipse-mosquitto:latest)

The text was updated successfully, but these errors were encountered:

AndreKR · 2023-09-24T19:44:52Z

How to reproduce:

Configure Mosquitto for TLS:

listener 8883
certfile /mosquitto/certificates/mosquitto.crt
keyfile /mosquitto/certificates/mosquitto.key
tls_version tlsv1.2
ciphers ECDHE-RSA-AES128-GCM-SHA256

On any machine that has OpenSSL installed run: openssl s_client -cipher ECDHE-RSA-AES128-GCM-SHA256 -tls1_2 -connect mosquitto:8883

AndreKR · 2023-09-24T21:46:02Z

The error message was super misleading but I found the issue: The private key was an EC key instead of an RSA key.

AndreKR closed this as completed Sep 24, 2023

github-actions bot locked as resolved and limited conversation to collaborators Dec 24, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

no shared cipher with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) #2902

no shared cipher with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) #2902

AndreKR commented Sep 24, 2023

AndreKR commented Sep 24, 2023

AndreKR commented Sep 24, 2023

no shared cipher with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) #2902

no shared cipher with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) #2902

Comments

AndreKR commented Sep 24, 2023

AndreKR commented Sep 24, 2023

AndreKR commented Sep 24, 2023