Tag Archives: mosquitto log Error

[Solved] mosquitto log Error: SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error

Problem description

The following errors occurred in the TLS/SSL of mosquitto during the test today, indicating that the error occurred in the TLS version:

I know that the default tls version of mosquitto_pub and mosquitto_sub is tlsv1.2, however, the version of openssl in my virtual machine is 1.1.1, and the tls_version tlsv1.1 is configured in mosquitto.conf (one-way authentication is configured here, two-way authentication is also (here the configuration is one-way authentication, two-way authentication is also applicable), so there will be tls version error.


Solution:

For C programs of mosquitto library
Use the API mosquitto_tls_set() before attaching mosquitto_tls_opts_set(), this API can set the corresponding tls version of the client, note that the tls version defaults to tlsv1.2.

The code is as follows:

int    rc = -1;

rc = mosquitto_tls_opts_set(mosq, 1, "tlsv1.1", NULL);
if( rc != MOSQ_ERR_SUCCESS )
{
    printf("mosquitto_tls_opts_set failure.\n");
    exit(1);
}

rc = mosquitto_tls_set(mosq, CAFILE, CAPATH, CERTFILE, KEYFILE, NULL);
if( rc != MOSQ_ERR_SUCCESS )
{
    printf("mosquitto_tls_set failure.\n");
    exit(1);
}

On the mosquitto command line

The following is the test of one-way authentication (in case of two-way authentication, add the certificate and key by yourself)

mosquitto_ pub -h 192.168.222.130 -p 8884 -t “hello” -m “hi sub” –tls-version tlsv1. 1 –cafile ./ ca/ca.crt

mosquitto_ sub -h 192.168.222.130 -p 8884 -t “hello” –tls-version tlsv1. 1 –cafile ./ ca/ca.crt

If the problem is solved successfully, it can be connected normally: