Irregular SSL Errors #17

Open
clcore opened this issue Mar 28, 2018 · 4 comments

clcore commented Mar 28, 2018

Hi,

First of all: I am using a Particle Electron and the current version (0.2.14) of the MQTT-TLS Library.

I am having problems getting a MQTT connection with TLS encryption stable. Without encryption it seems to work great. However, if I use TLS, I get SSL error messages from the broker at irregular intervals. I tested with two different brokers.

Here is a short excerpt from the log output:

Self-hosted VerneMQ:
2018-03-27 16:29:26.770 [error] <0.5251.6> SSL: {connection,{alert,2,20,{"ssl_cipher.erl",300},decryption_failed}}: ssl_connection.erl:861:Fatal error: unexpected message
2018-03-27 16:33:45.735 [error] <0.5477.6> SSL: {connection,{alert,2,20,{"ssl_cipher.erl",300},decryption_failed}}: ssl_connection.erl:861:Fatal error: unexpected message

Mosquitto as cloud service:
2018-03-27 17:02:16: OpenSSL Error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
2018-03-27 17:19:14: OpenSSL Error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

After these error messages, the broker breaks the connection and the set keepalive starts to run. Then the last will is sent.
In addition, I also noticed that strange characters land on the broker. So unreadable characters in both the topic and in the message. I'm not sure if they came via the SSL or non-SSL port.
Are there any ideas what is going wrong here?

@hirotakaster
Owner

Hi @clcore

Does your MQTT (TLS) application work with iot.eclipse.org? Check the a1-example.ino example.
I think this error may be a certificate file or cipher suite algorithm mismatch; maybe the TLS handshake did not succeed (the TCP connection succeeds, but the TLS connection fails).

@clcore
Author

clcore commented Mar 28, 2018

Thank you for the feedback!

For me, it seems like the TLS connection is basically working, because the client can connect and send messages. After a certain period of time (which varies), then comes just the SSL error described above and the client is disconnected.
I can also test my firmware with iot.eclipse.org within the next hours and post the result.

@clcore
Author

clcore commented Mar 28, 2018

Unfortunately, I'm not sure how to use iot.eclipse.org to test it properly. If I'm right, that's just a public broker, right? I do not really want to publish there, and besides, I can not watch logs, right?

As I have already written, the connection establishment (TLS handshake) works and the client can publish messages for some time without problems. Only after a certain time, the SSL error occurs and the connection aborts...

@hirotakaster
Owner

Yes, checking the iot.eclipse.org connection is a simple test in your environment.
If a1-example.ino works for a long time on your Electron, I think your problem is the cipher suite or some other bug. (FYI: on my Photon, the sample application works for over a few hours with iot.eclipse.org, AWS IoT, test.mosquitto.org.)

Moreover, you could check the TLS packets with Wireshark or the tcpdump command to see which TLS packet is at fault or not with your certificate.
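
Added example (not part of the original thread, and not code from the MQTT-TLS project): a small parser that normalises the two broker log formats quoted in the report, decodes the Erlang alert tuple using the TLS alert numbers from RFC 5246, and measures the time between failures. It shows that both brokers report the same condition (a received record failing its integrity check after the handshake); the broker labels `vernemq` and `mosquitto` and the function names are assumptions of this sketch.

```python
import re
from datetime import datetime

# Log lines copied from the issue report above (VerneMQ, then Mosquitto).
SAMPLE_LOG = """\
2018-03-27 16:29:26.770 [error] <0.5251.6> SSL: {connection,{alert,2,20,{"ssl_cipher.erl",300},decryption_failed}}: ssl_connection.erl:861:Fatal error: unexpected message
2018-03-27 16:33:45.735 [error] <0.5477.6> SSL: {connection,{alert,2,20,{"ssl_cipher.erl",300},decryption_failed}}: ssl_connection.erl:861:Fatal error: unexpected message
2018-03-27 17:02:16: OpenSSL Error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
2018-03-27 17:19:14: OpenSSL Error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
"""

# TLS alert levels and descriptions (RFC 5246, section 7.2); only a few are listed.
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {20: "bad_record_mac", 21: "decryption_failed_RESERVED", 40: "handshake_failure"}

TS = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)(?:\.\d+)?"
ERLANG = re.compile(TS + r" \[error\] .*\{alert,(?P<level>\d+),(?P<desc>\d+),")
OPENSSL = re.compile(TS + r": OpenSSL Error: error:[0-9A-F]+:SSL routines:(?P<func>\w+):(?P<reason>.+)$")

def parse_line(line):
    """Return (timestamp, broker, level, alert) for a TLS record failure, else None."""
    m = ERLANG.match(line)
    if m:
        return (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), "vernemq",
                ALERT_LEVEL.get(int(m["level"]), "unknown"),
                ALERT_DESC.get(int(m["desc"]), f"alert_{m['desc']}"))
    m = OPENSSL.match(line)
    if m and "bad record mac" in m["reason"]:
        # Assumption: treated as fatal because the report says the broker drops the connection.
        return (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), "mosquitto", "fatal", "bad_record_mac")
    return None

def failure_gaps(log_text):
    """Seconds between consecutive record failures, grouped per broker."""
    last, gaps = {}, {}
    for line in log_text.splitlines():
        event = parse_line(line.strip())
        if event is None:
            continue
        ts, broker = event[0], event[1]
        if broker in last:
            gaps.setdefault(broker, []).append(int((ts - last[broker]).total_seconds()))
        last[broker] = ts
    return gaps

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(parse_line(line))
    print(failure_gaps(SAMPLE_LOG))
```

Run over a longer log, the per-broker gaps can be lined up against the timestamps of a tcpdump capture to find the record that preceded each failure.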
