The client and server cannot communicate, because they do not possess a common algorithm #1095
Comments
In regards to TLSv1.2, it looks like there's an issue with it trying to connect to the revocation server which is odd since the server is running and the links are correct in the certificates, but is also an issue I can manage separately. I still cannot seem to figure out why 1.3 doesn’t work but I would like to know if there is a way to find what algorithms are able to be / are actually being tried by the system and if there might be something else I'm missing.
That is strange. I had the same error and just downgraded the server to TLS1.2 explicitly in the options and the client as well, e.g.:

Client:

```csharp
var options = new MqttClientOptionsBuilder()
    .WithClientId("ClientId")
    .WithTcpServer("mybroker.com", 8883)
    .WithCredentials("Username", "Password")
    .WithTls(new MqttClientOptionsBuilderTlsParameters()
    {
        UseTls = true,
        SslProtocol = SslProtocols.Tls12
    })
    .WithCleanSession()
    .Build();
var factory = new MqttFactory();
var mqttClient = factory.CreateMqttClient();
await mqttClient.ConnectAsync(options);
```

Server:

```csharp
var optionsBuilder = new MqttServerOptionsBuilder()
    .WithoutDefaultEndpoint()
    .WithEncryptedEndpoint()
    .WithEncryptedEndpointPort(8883)
    .WithEncryptionSslProtocol(SslProtocols.Tls12);
var mqttServer = new MqttFactory().CreateMqttServer();
await mqttServer.StartAsync(optionsBuilder.Build());
```

(Of course some more logic like adding certificates, if needed). But this worked for me...
Happened to me also, but when changed to Tls12, I'm getting a different error:
Still investigating. Note that I'm using .Net Core 3.1.
So I was trying to use TLS with credentials only. Works when toggling TLS off. Will test later with certificates and TLS.
needed because dotnet/MQTTnet#1095
Faced the same issue with TLS1.3, was following this doc, the certificate created with openssl

```csharp
var tlsOptions = new MqttClientOptionsBuilderTlsParameters
{
    UseTls = true,
    SslProtocol = SslProtocols.Tls13,
    AllowUntrustedCertificates = true,
    IgnoreCertificateChainErrors = true,
    IgnoreCertificateRevocationErrors = true,
};
_options = new MqttClientOptionsBuilder()
    .WithTcpServer("localhost", 8883)
    .WithClientId("some_id")
    .WithCredentials("login", "pass")
    .WithProtocolVersion(MqttProtocolVersion.V500)
    .WithTls(tlsOptions)
    .Build();
```

getting this:
This is probably due to TLS 1.2 -> TLS 1.3 changes.
@amelkor That's correct since you're using If you follow my code above (#1095 (comment)), this should work properly...
This is also pretty bad as this causes connections to MQTT brokers to fail when the server doesn't support TLS 1.3. Here (and in a few other places), the only supported TLS Version (by default) is set to TLS 1.3: This causes all connections to TLS 1.2 Brokers to fail by default after upgrading to MQTTnet version v3.0.14 (on .NET Core >3.1). In my opinion (and, reading the docs, in Microsoft's Opinion as well), the default should be
From a library user perspective, it just doesn't make sense to force any TLS standard here, really. Just like you don't expect HttpClient to just throw exceptions because the HTTPS server doesn't support TLS 1.3 (it is of course okay to throw if the server only supports insecure standards). This is also reinforced by the number of issues in this repo regarding this single issue (see #1231, #1207, #1211 and possibly more).
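
For the question raised earlier in the thread about seeing which protocol and algorithms are actually negotiated, one option is to run the handshake directly with `SslStream`, once per protocol setting. This is an added example, not MQTTnet code or any commenter's; the `TlsProbe` class and the default host `broker.example.test` are assumptions, and it needs a reachable TLS endpoint passed as `host port`.

```csharp
// Added diagnostic sketch, not MQTTnet code. Default host is a placeholder (assumption).
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Threading;
using System.Threading.Tasks;

static class TlsProbe
{
    // One TLS handshake limited to `protocols`; returns what was negotiated or why it failed.
    static async Task<string> ProbeAsync(string host, int port, SslProtocols protocols)
    {
        try
        {
            using var tcp = new TcpClient();
            await tcp.ConnectAsync(host, port);
            using var ssl = new SslStream(tcp.GetStream());
            await ssl.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
            {
                TargetHost = host,               // used for SNI and the certificate name check
                EnabledSslProtocols = protocols  // SslProtocols.None lets the OS choose
            }, CancellationToken.None);
            return $"OK: {ssl.SslProtocol}, {ssl.NegotiatedCipherSuite}";
        }
        catch (Exception ex)
        {
            // Handshake errors are often wrapped; report the innermost message.
            while (ex.InnerException != null) ex = ex.InnerException;
            return $"FAILED: {ex.GetType().Name}: {ex.Message}";
        }
    }

    static async Task Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "broker.example.test"; // placeholder host
        int port = args.Length > 1 ? int.Parse(args[1]) : 8883;
        var attempts = new[]
        {
            (Label: "Tls13 only", Protocols: SslProtocols.Tls13),
            (Label: "Tls12 only", Protocols: SslProtocols.Tls12),
            (Label: "Tls12|Tls13", Protocols: SslProtocols.Tls12 | SslProtocols.Tls13),
            (Label: "OS default", Protocols: SslProtocols.None),
        };
        foreach (var a in attempts)
            Console.WriteLine($"{a.Label,-12} {await ProbeAsync(host, port, a.Protocols)}");
    }
}
```

Certificate validation is left at the platform default, so a trust failure shows up as its own `FAILED` line rather than being masked; a `Tls13 only` attempt can succeed only when both the local TLS stack and the broker support TLS 1.3.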
Describe your question
I recently shifted a project from .Net Core 3.1 to .Net 5.0 and updated MQTTNet to 3.0.14. Since making the change, I have been unable to use the MQTTNet client to connect to my Mosquitto broker. During the call to ConnectAsync, the code throws the exception: "The client and server cannot communicate, because they do not possess a common algorithm".
I am not sure why this is happening after the upgrade, one thought I had was to back the TLS version down to v1.2 instead of 1.3, but I get a remote certificate validation error (also new since the root for that certificate is in my Trusted Root Certificate Authority store and nothing on the other end changed).
I am running it on my (Windows) development computer, and have yet to try it on an Ubuntu box (same as the production server).
For reference, the MQTTClient options:
The Mosquitto v2.0.7 config:
Which project is your question related to?