I had seen that, but not realized that default ALL will
somehow interfere with the functioning....
There was a second thing that I had to change.
The Server URI in the MQTTClient_create function had to have
ssl instead of tcp as protocol. Although the API description
states:
Maybe it is a good Idea to extend the API documentation in
this point!
Date: Wed, 4 Feb 2015 15:06:58 +0000
From:
icraggs@xxxxxxxxxxxxxxxxxxxxxxx
To:
paho-dev@xxxxxxxxxxx
Subject: Re: [paho-dev] Paho C-Client TLSv1.1 - unknown
Protocol
P.S. you can use the protocol trace of the client to
display the diagnostic messages from OpenSSL by setting the
environment variables:
MQTT_C_CLIENT_TRACE=<ON or filename>
MQTT_C_CLIENT_TRACE_LEVEL=PROTOCOL
This will show details of the OpenSSL handshake.
Ian
On 02/04/2015 03:03 PM, Ian
Craggs wrote:
Hi
Chris,
in the documentation for the SSL options structure,
(https://www.eclipse.org/paho/files/mqttdoc/Cclient/struct_m_q_t_t_client___s_s_l_options.html)
there is the enabledCipherSuites option, which points to
the OpenSSL documentation:
For a full explanation of the cipher list format,
please see the OpenSSL on-line documentation: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT
If this setting is ommitted, its default value will be
"ALL"
- ALL
- all cipher suites except the eNULL
ciphers which must be explicitly enabled; as of
OpenSSL, the ALL
cipher suites are reasonably ordered by default
Also in the OpenSSL Cipher Suites section there is:
TLSv1.2, TLSv1,
SSLv3
- TLS v1.2, TLS v1.0 or SSL v3.0 cipher
suites respectively. Note: there are no ciphersuites
specific to TLS v1.1.
So, you should be able to use
sslopts.enabledCipherSuites = "TLSv1.2";
for instance.
Ian
On 02/04/2015 10:49 AM,
Chris Summer wrote:
Hi all,
I am trying to use a SSL connection with the PAHO C
Client. It seems as if I just miss something!
When Using the Python API, I can use tls_version=....
In the Documentation for the C API I don't find
anything comparable.
I have set
connection_options.serverURIs="ssl://mybroker:8883"
and the client tries to connect to the mosquitto
broker, which logs:
SSL23_GET_CLIENT_HELLO:unknown protocol.
Which was the same Error I got when not specifying the
tls protocol version in Python. Is there any way in
the C API to set the SSL/TLS Version?
Did I miss anything else?
Cheers,
Chris
_______________________________________________
paho-dev mailing list
paho-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/paho-dev
--
Ian Craggs
icraggs@xxxxxxxxxx IBM United Kingdom
Paho Project Lead; Committer on Mosquitto
_______________________________________________
paho-dev mailing list
paho-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/paho-dev
--
Ian Craggs
icraggs@xxxxxxxxxx IBM United Kingdom
Paho Project Lead; Committer on Mosquitto
_______________________________________________
paho-dev mailing list
paho-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/paho-dev