Velvet Star Monitor


runtime error on mosquitto_pub with TLS v1.3 enabled at build time

Writer Olivia Zamora

I am working on an application that requires TLS v1.3 and MQTT v5.0, and I have to build mosquitto MQTT brokers and subscribers on the Debian systems of different physical hosts as part of my work.

From the mosquitto GitHub repository, I managed to build the mosquitto libraries (v1.6.7) and binary tools (its README.md describes that TLS is enabled at build time by default):

make WITH_DOCS=no
make install WITH_DOCS=no

I also set up CA certificates and server certificates (for the MQTT broker), and modified mosquitto.conf (learned from here). When I tried to publish a message to my MQTT brokers, I got the following error:

mosquitto_pub -d --tls-version tlsv1.3 --cafile ./ca.crt -i rpi3peer -V mqttv5 -h 123.45.6.78 -p 8883 -u MY_BROKER_NAME -P BROKER_PASSWD -t "topic/placed/here" -m "put some messsage"
> Error: Protocol tlsv1.3 not supported

On the MQTT broker, a new connection was established at the TCP level and then immediately closed. I also captured a few packets between the broker and the client using Wireshark, but there was no TLS v1.3 packet in the capture.

How could I deal with this issue?

1 Answer

Answering my own question. After reading through net_mosq.c from this commit of the mosquitto repository, it turns out that one more parameter has to be included at build time: SSL_OP_NO_TLSv1_3. The build command will be:

make WITH_DOCS=no CPPFLAGS="-DSSL_OP_NO_TLSv1_3"
sudo make install WITH_DOCS=no

Then start the mosquitto MQTT broker and publisher again with the same commands, mosquitto and mosquitto_pub (details in my post above); now it works well.
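An added example, not part of the original question or answer: when checking a capture for TLS v1.3 as described in the question, the thing to look for is a ClientHello whose supported_versions extension (type 43) lists 0x0304, because the record and legacy_version fields still carry older version numbers. The Python sketch below produces a ClientHello in memory with Python's own ssl module (which links its own OpenSSL, independent of the mosquitto build) and parses that extension; the host name `broker.example` is a constructed placeholder.

```python
import ssl
import struct

def client_hello_bytes(ctx):
    """Start a handshake over in-memory BIOs and return the first flight (ClientHello)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="broker.example")  # constructed name
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no peer is attached, the ClientHello is already queued
    return outgoing.read()

def offered_versions(record):
    """Return the versions listed in the supported_versions extension (type 43)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                                        # handshake header, legacy_version, random
    pos += 1 + body[pos]                                    # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]    # cipher_suites
    pos += 1 + body[pos]                                    # compression_methods
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        if ext_type == 43:  # 1-byte list length, then 2-byte version codes
            return [struct.unpack("!H", data[i:i + 2])[0] for i in range(1, 1 + data[0], 2)]
        pos += 4 + ext_len
    return []  # extension absent: the client offers TLS 1.2 or lower only

def tls13_only_context():
    """Client context that refuses anything below TLS 1.3."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx

if __name__ == "__main__":
    print("linked against:", ssl.OPENSSL_VERSION, "HAS_TLSv1_3 =", ssl.HAS_TLSv1_3)
    for name, ctx in (("default", ssl.create_default_context()),
                      ("tls1.3-only", tls13_only_context())):
        print(name, [hex(v) for v in offered_versions(client_hello_bytes(ctx))])
```

The same `offered_versions` function can be run on the raw bytes of the first client record exported from a capture to confirm what a client really offered.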
