PSK TLS does not work with mosquitto broker [message #1852844] Tue, 07 June 2022 14:05
Ken Teh
I am unable to get PSK TLS to work. PKI TLS works fine so it's not a show stopper for me.

I'm running mosquitto with the following config.

connection_messages true
per_listener_settings true
listener 8883
socket_domain ipv4
psk_hint myfavoriteapple
psk_file /home/teh/hackware/mosquitto/psk.identities
use_identity_as_username false
password_file /home/teh/hackware/mosquitto/tpasswords


mosquitto_sub connects just fine
mosquitto_sub \
-p 8883 \
-i trucker -t home \
--psk `cat ken.psk` \
--psk-identity ken \
-u ken \
-P 'Ar+++4um'


but paho_c_sub with the same cli args fails to connect.
paho_c_sub \
-c ssl://127.0.0.1:8883 \
-i trucker -t home \
--psk `cat ken.psk` \
--psk-identity ken \
-u ken \
-P 'Ar+++4um'


The mosquitto broker says

1654609477: New connection from 127.0.0.1:56552 on port 8883.
1654609477: OpenSSL Error[0]: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1654609477: Client <unknown> disconnected: Protocol error.


Ok, no shared cipher. So I specify ciphers in the mosquitto config. Same as above but with
ciphers RSA-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256


added to the config file. Then, I add the '--ciphers' option to both mosquitto_sub and paho_c_sub. Now both utilities don't work with the same error 'no shared cipher'. Btw, I selected the ciphers from the list printed out by openssl ciphers -s -psk.

I'm going to dig a little into the mosquitto code to see why it works in the first case with no ciphers specified and not the latter. Seems to me either I don't know how to use the utilities or there's some mismatch between paho.mqtt and mosquitto codes when it comes to PSK handling.

I'm tossing this out now in the hopes someone knows the answer. As I said, PKI TLS works so it's not a show stopper, though my initial preference was to use PSK.

One more thing: I wrote my own paho subscriber using the paho c libraries. It has the exact same error: 'no shared ciphers'.
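
Added example, not part of the original post and not mosquitto or Paho code: a small Python check for the case where both clients fail once the ciphers line is added. RSA-PSK suites authenticate the server with an RSA certificate (RFC 4279), while the listener shown has psk_hint but no certfile/keyfile, so the check flags such suites. It assumes the ciphers line holds explicit OpenSSL suite names; parse_listeners, key_exchange and audit are hypothetical helper names, and the sample config is constructed from the post. It does not cover the first failure (paho_c_sub with no ciphers set).

```python
import re

# Constructed sample: the listener from the post plus the added ciphers line
# (psk_file path shortened to a placeholder).
SAMPLE_CONF = """\
per_listener_settings true
listener 8883
psk_hint myfavoriteapple
psk_file /path/to/psk.identities
ciphers RSA-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256
"""

def key_exchange(cipher):
    """Classify an OpenSSL TLS <= 1.2 suite name by its PSK key exchange."""
    m = re.match(r"(?:(RSA|DHE|ECDHE)-)?PSK-", cipher)
    if not m:
        return "other"
    return m.group(1) + "-PSK" if m.group(1) else "PSK"

def parse_listeners(conf):
    """Split a mosquitto config into one option dict per listener."""
    listeners, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "listener":
            current = {"port": value.split()[0]}
            listeners.append(current)
        elif current is not None:  # global options before any listener are skipped
            current[key] = value.strip()
    return listeners

def audit(conf):
    """Return (port, cipher) for RSA-PSK suites on PSK listeners without a cert."""
    findings = []
    for lst in parse_listeners(conf):
        if "psk_hint" not in lst or "ciphers" not in lst:
            continue
        has_cert = "certfile" in lst and "keyfile" in lst
        for cipher in filter(None, lst["ciphers"].split(":")):
            # RSA-PSK needs a server RSA certificate; without one the server
            # has nothing to select and reports "no shared cipher".
            if key_exchange(cipher) == "RSA-PSK" and not has_cert:
                findings.append((lst["port"], cipher))
    return findings

if __name__ == "__main__":
    for port, cipher in audit(SAMPLE_CONF):
        print(f"listener {port}: {cipher} requires certfile/keyfile")
```
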



Re: PSK TLS does not work with mosquitto broker [message #1852942 is a reply to message #1852844] Sat, 11 June 2022 20:45
Ken Teh
One more data point.

I tried openssl s_client to connect to the mosquitto broker with psk. It works! It suggests that the paho mqtt c library's handling of psk tls is faulty or I just don't know the magic sequence of command line options to make it work.

PKI TLS works fine.
