espressif / esp-idf

Espressif IoT Development Framework. Official development framework for Espressif SoCs.
Apache License 2.0

The examples/protocols/mqtt/ssl demo cannot use TLS 1.3 to connect with MQTT broker. (IDFGH-13029) #13975

Open robbinlu-ayla opened 2 weeks ago

robbinlu-ayla commented 2 weeks ago

I enabled TLS 1.3 via menuconfig for the examples/protocols/mqtt/ssl demo in the IDF 5.2.1 SDK, but the ssl demo still used TLS 1.2 to connect with the MQTT broker. I attached 2 packet data screenshots; please help find what the issue is. How do I enable TLS 1.3 in the IDF 5.2.1 SDK?

[Screenshots: ClientHello, ServerHello]
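When reading a capture like the one described above, note that a ServerHello carries 0x0303 in its legacy version field for both TLS 1.2 and TLS 1.3; a TLS 1.3 server states its choice in the supported_versions extension instead. The following is an added example, not part of the original issue or of ESP-IDF: a Python check that reads the negotiated version from raw ServerHello handshake bytes. The function names and the sample bytes are constructed for illustration.

```python
import struct

TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
EXT_SUPPORTED_VERSIONS = 0x002B  # RFC 8446, section 4.2.1


def negotiated_version(server_hello: bytes) -> str:
    """Version selected in a ServerHello handshake message (record header stripped)."""
    if len(server_hello) < 4 or server_hello[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    body_len = int.from_bytes(server_hello[1:4], "big")
    body = server_hello[4:4 + body_len]
    if len(body) != body_len or body_len < 35:
        raise ValueError("truncated ServerHello")
    selected = int.from_bytes(body[0:2], "big")  # legacy_version
    pos = 2 + 32                                 # skip legacy_version + random
    pos += 1 + body[pos]                         # skip session_id
    pos += 2 + 1                                 # skip cipher_suite + compression
    if pos + 2 <= len(body):                     # extensions are optional in TLS 1.2
        ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(ext_end, len(body)):
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            ext_data = body[pos + 4:pos + 4 + ext_len]
            if ext_type == EXT_SUPPORTED_VERSIONS and len(ext_data) == 2:
                selected = int.from_bytes(ext_data, "big")  # overrides legacy field
            pos += 4 + ext_len
    return TLS_VERSIONS.get(selected, hex(selected))


def build_sample(cipher: bytes, extensions: bytes = b"") -> bytes:
    """Constructed ServerHello: zero random, empty session_id, null compression."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + cipher + b"\x00"
    if extensions:
        body += len(extensions).to_bytes(2, "big") + extensions
    return b"\x02" + len(body).to_bytes(3, "big") + body


# Constructed samples, not taken from the reporter's capture.
SAMPLE_TLS13 = build_sample(b"\x13\x01", b"\x00\x2b\x00\x02\x03\x04")
SAMPLE_TLS12 = build_sample(b"\xc0\x2f", b"\xff\x01\x00\x01\x00")

if __name__ == "__main__":
    print(negotiated_version(SAMPLE_TLS13), negotiated_version(SAMPLE_TLS12))
```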

euripedesrocha commented 2 weeks ago

Hi @robbinlu-ayla, thanks for reporting. The issue here is that the version should be set through the transport layer, and the mqtt client doesn't offer the option. I'm working on a solution to make it easier for users to set options on the transport in use.

One possible workaround is to use the custom transport in the mqtt client. The steps would be:

Another alternative would be to set only TLS 1.3 in menuconfig in the mbedTLS options, disabling TLS 1.2.

robbinlu-ayla commented 1 week ago

Hi @euripedesrocha, I tried enabling TLS 1.3 and disabling TLS 1.2 in menuconfig, then built the ssl example, but got an error. Could you try it and give us a solution for how to enable TLS 1.3?

    [ ] Support TLS 1.2 protocol
    [*] Support TLS 1.3 protocol

----------Error Log---------

    /Users/robbin/work/modul32/bc/build/pkg/ada-esp-idf/espressif/components/esp-tls/esp_tls_mbedtls.c: In function 'set_client_config':
    /Users/robbin/work/modul32/bc/build/pkg/ada-esp-idf/espressif/components/esp-tls/esp_tls_mbedtls.c:722:5: error: implicit declaration of function 'mbedtls_ssl_conf_renegotiation'; did you mean 'mbedtls_ssl_conf_legacy_renegotiation'? [-Werror=implicit-function-declaration]
      722 |     mbedtls_ssl_conf_renegotiation(&tls->conf, MBEDTLS_SSL_RENEGOTIATION_ENABLED);
          |     ^~~~~~~~~~
          |     mbedtls_ssl_conf_legacy_renegotiation