aws-amplify / aws-sdk-android

AWS SDK for Android. For more information, see our web site:
https://docs.amplify.aws
Other
1.03k stars 549 forks source link

MqttException (0) - java.io.IOException: WebSocket Response header: Invalid response from Server, It may not support WebSockets. #3646

Open kushagrakumar27 opened 2 weeks ago

kushagrakumar27 commented 2 weeks ago

Language: Kotlin

Gradle dependencies:

implementation("org.eclipse.paho:org.eclipse.paho.client.mqttv3:1.2.5")
implementation("org.eclipse.paho:org.eclipse.paho.android.service:1.1.1")
implementation("com.amazonaws:aws-android-sdk-iot:2.77.0")

Description:

I am using Custom authorizer to establish connection to MQTT broker (configured on AWS IoT domain). The domain is configured as follows:

Security policy - loTSecurityPolicy_TLS12_1_2_2022_10
Authentication type - Custom authorizer
Application protocol - Secure MQTT

I have attached the MQTT_log_exception file which contains the IOException that I am getting. MQTT_log_exception.txt

mattcreaser commented 2 weeks ago

Hi @kushagrakumar27. For IoT we strongly recommend you switch to the AWS IoT Device SDK for Java v2 - that library is very actively maintained and you will be able to get better support there. They have documentation about using that library on Android.

In terms of this specific exception, it's coming from the underlying Paho Client. There's not a lot of visibility into what is going wrong, but it seems that this error can result from issues authenticating the connection.

kushagrakumar27 commented 2 weeks ago

Hi @mattcreaser. Thanks for the library suggestion. Does com.amazonaws:aws-android-sdk-iot support only MQTT over secure websockets as the Application protocol, or does it also support Secure MQTT (that uses TLS)?

mattcreaser commented 2 weeks ago

Hi @kushagrakumar27. I have pretty limited knowledge of this library, but I believe the answer is "both", but in your case it would probably only be websocket.

Looking at the source code, when connecting with a KeyStore instance, we can see that the client connects via TLS on port 8883 (Secure MQTT) or 443.

When connecting via a custom authorizer it looks like it uses secure websockets.