runtime error on mosquitto_pub with TLS v1.3 enabled at build time

I am working on an application that requires TLS v1.3 & MQTT v5.0, and I have to build mosquitto MQTT brokers and subscribers on Debian systems on different physical hosts, as part of my work.

From the mosquitto GitHub repository, I managed to build the mosquitto libraries (v1.6.7) & binary tools (its README.md states that TLS is enabled at build time by default):

make WITH_DOCS=no
make install WITH_DOCS=no

I also set up CA certificates / server certificates (for the MQTT broker), and modified mosquitto.conf (learned from here). When I tried to publish a message to my MQTT brokers, I got the following error:

mosquitto_pub -d --tls-version tlsv1.3 --cafile ./ca.crt -i rpi3peer -V mqttv5 -h 123.45.6.78 -p 8883 -u MY_BROKER_NAME -P BROKER_PASSWD -t "topic/placed/here" -m "put some messsage"
> Error: Protocol tlsv1.3 not supported

On the MQTT broker, a new connection was established at the TCP level and then immediately closed. I also captured a few packets between the broker and client using Wireshark, but there was no TLS v1.3 packet among them.

How could I deal with this issue?

1 Answer

Answering my own question. After reading through net_mosq.c from this commit of the mosquitto repository, it turns out that one more parameter has to be included at build time: SSL_OP_NO_TLSv1_3. The build command will be:

make WITH_DOCS=no CPPFLAGS="-DSSL_OP_NO_TLSv1_3"
sudo make install WITH_DOCS=no

Then start the mosquitto MQTT broker & publisher again with the same commands, mosquitto and mosquitto_pub (details in my post above); now it works well.
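
An added diagnostic, not part of the original post or of mosquitto: it reports whether an OpenSSL include directory itself defines SSL_OP_NO_TLSv1_3, the macro named in the answer, which OpenSSL provides in openssl/ssl.h from 1.1.1 onward. The function names, the /usr/include path and the sample headers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether an OpenSSL include directory defines
# SSL_OP_NO_TLSv1_3, the macro the answer passes via CPPFLAGS.
# Function names and the sample headers below are constructed for illustration.

# Print "defined", "missing" or "no-header" for the include dir in $1.
tls13_macro_status() {
    hdr="$1/openssl/ssl.h"
    if [ ! -r "$hdr" ]; then
        echo "no-header"
    elif grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+SSL_OP_NO_TLSv1_3([[:space:]]|$)' "$hdr"; then
        echo "defined"
    else
        echo "missing"
    fi
}

# Build two constructed header trees: one without the macro, one with it.
make_sample_headers() {
    root="$1"
    mkdir -p "$root/old/openssl" "$root/new/openssl"
    cat > "$root/old/openssl/ssl.h" <<'EOF'
# define SSL_OP_NO_TLSv1                                 0x04000000U
# define SSL_OP_NO_TLSv1_2                               0x08000000U
# define SSL_OP_NO_TLSv1_1                               0x10000000U
EOF
    cat > "$root/new/openssl/ssl.h" <<'EOF'
# define SSL_OP_NO_TLSv1_2                               0x08000000U
# define SSL_OP_NO_TLSv1_3                               0x20000000U
EOF
}

# Check the constructed samples, then the usual system header location.
run_checks() {
    tmp=$(mktemp -d)
    make_sample_headers "$tmp"
    echo "sample old headers: $(tls13_macro_status "$tmp/old")"
    echo "sample new headers: $(tls13_macro_status "$tmp/new")"
    echo "/usr/include:       $(tls13_macro_status /usr/include)"
    rm -rf "$tmp"
}

run_checks
```

A "missing" result for the headers the build actually uses means the installed OpenSSL development package predates TLS 1.3 support.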
