I had seen that, but not realized that default ALL will somehow interfere with the functioning....
There was a second thing that I had to change.
The Server URI in the MQTTClient_create function had to have ssl instead of tcp as protocol. Although the API description states:
Date: Wed, 4 Feb 2015 15:06:58 +0000
From: icraggs@xxxxxxxxxxxxxxxxxxxxxxx
To: paho-dev@xxxxxxxxxxx
Subject: Re: [paho-dev] Paho C-Client TLSv1.1 - unknown Protocol
P.S. you can use the protocol trace of the client to display the
diagnostic messages from OpenSSL by setting the environment
variables:
MQTT_C_CLIENT_TRACE=<ON or filename>
MQTT_C_CLIENT_TRACE_LEVEL=PROTOCOL
This will show details of the OpenSSL handshake.
Ian
On 02/04/2015 03:03 PM, Ian Craggs
wrote:
Hi Chris,
in the documentation for the SSL options structure,
(https://www.eclipse.org/paho/files/mqttdoc/Cclient/struct_m_q_t_t_client___s_s_l_options.html)
there is the enabledCipherSuites option, which points to the
OpenSSL documentation:
For a full explanation of the cipher list format, please
see the OpenSSL on-line documentation: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT
If this setting is ommitted, its default value will be "ALL"
- ALL
-
all cipher suites except the eNULL
ciphers which must be explicitly enabled; as of OpenSSL,
the ALL cipher suites are
reasonably ordered by default
Also in the OpenSSL Cipher Suites section there is:
TLSv1.2, TLSv1,
SSLv3
-
TLS v1.2, TLS v1.0 or SSL v3.0 cipher suites
respectively. Note: there are no ciphersuites specific to
TLS v1.1.
So, you should be able to use
sslopts.enabledCipherSuites = "TLSv1.2";
for instance.
Ian
On 02/04/2015 10:49 AM, Chris Summer
wrote:
Hi all,
I am trying to use a SSL connection with the PAHO C Client. It
seems as if I just miss something!
When Using the Python API, I can use tls_version=....
In the Documentation for the C API I don't find anything
comparable.
I have set connection_options.serverURIs="ssl://mybroker:8883"
and the client tries to connect to the mosquitto broker, which
logs:
SSL23_GET_CLIENT_HELLO:unknown protocol.
Which was the same Error I got when not specifying the tls
protocol version in Python. Is there any way in the C API to
set the SSL/TLS Version?
Did I miss anything else?
Cheers,
Chris
_______________________________________________
paho-dev mailing list
paho-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/paho-dev
--
Ian Craggs
icraggs@xxxxxxxxxx IBM United Kingdom
Paho Project Lead; Committer on Mosquitto
_______________________________________________
paho-dev mailing list
paho-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/paho-dev
--
Ian Craggs
icraggs@xxxxxxxxxx IBM United Kingdom
Paho Project Lead; Committer on Mosquitto
_______________________________________________
paho-dev mailing list
paho-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/paho-dev