Open tka85 opened 5 months ago
Dear @tka85,
thanks a stack for reporting this flaw. You might have discovered a bug, which should be addressed properly.
To confirm: This is the error you are observing, regardless how you adjust the value of the tls_version
setting in mqttwarn.ini
?
error:1402542E:SSL routines:ACCEPT_SR_CLNT_HELLO:tlsv1 alert protocol version.
With kind regards, Andreas.
That is correct.
The relevant code is that:
Can you try to edit it on your local installation, and report back how it goes when using tls_version=None
instead, for example? Or isn't that possible, because you might be running mqttwarn as a container through Docker, Podman, Kubernetes, or friends?
NB: Ramping up a TLS-based environment takes a bit of effort, because the test sandbox of mqttwarn doesn't have it, yet. That's why we try to offload as much debugging matters on this topic as possible to your end, ;] and ask for your understanding about it. That being said, it would certainly be helpful to actually have a TLS-based integration test scenario. However, that will need corresponding enhancements to pytest-mqtt beforehand.
Yes, it's not possible. As mentioned initially, all is running as docker containers. And also since that was some time ago, we opted to use another broker. Mosquitto project was non-responsive and could not risk using a broker without any support (OS or otherwise).
Ah okay. What are you exactly referring to like "it's not possible"? You mean this isn't related to mqttwarn at all, and you can't connect to Mosquitto using TLS by any other means as well?
Or did you edit the code, as suggested, and it still isn't working? By chance, did you try to toggle tls_insecure
, to remedy any eventual host name validation issues?
Or isn't that possible, because you might be running mqttwarn as a container through Docker, Podman, Kubernetes, or friends?
Yes, it's not possible.
Ah, right. Thanks!
I have seen this issue but setting the value of
tls_version
in mqttwarn.ini, doesn't solve it.Both mosquitto and mqttwarn are in single docker-compose.yaml. Using mqttwarn-full:latest image.
For both ini values
tls_version = 'tlsv1_1'
andtls_version = 'tlsv1_2'
, the compose logs are the same:The
mosquitto.conf
is:Also makes no difference if in
mqttwarn.ini
the value ofprotocol
is 3 or 4.What am I missing? Should I downgrade to pre-2 mosquitto?