Issue using TLS 1.3 Cipher Suites (Getting a SSL exception: closing inbound before receiving peer's close_notify)

[chigozie18]

I've configured the HiveMQ Community Edition server to use TLS. I am trying to use two TLS 1.3 cipher suites: TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384 but it appears I'm consistently getting a javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify. I've tried manually adding the ciphers I want to the config.xml but the server marks these an unknown in the console window. I generated the appropriate key pair added it to the Java trust store (the cacerts file) and I had tested using a TLS 1.2 cipher suite using RSA: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (with a different certificate) and it worked without any issues. I suspect that HiveMQ is filtering out my cipher suite as I tried creating an SSL engine using and used .getEnabledCipherSuites() and .getSupportedCipherSuites() and it has the cipher suites above supported by my JVM and also the TLS 1.3 protocol. I'm leaving a link to the Stack Overflow post which explains everything in more detail and includes code and debugging information . I'm also leaving more details below.

Stack Overflow Post: https://stackoverflow.com/questions/56904682/how-to-properly-use-tls-1-3-cipher-suites-in-hivemq-getting-a-ssl-exception-c

• Affected HiveMQ CE version(s): HiveMQ CE v2019.1 (HiveMQ Client: 1.1.0, haven't tried with earlier versions but it's likely an issue on the server side)
• Used JVM version: Java 11.0.3, Java 12.0.1 (I tried both, originally Java 11.0.3 and then I upgraded to Java 12.0.1 and tried it again with no success)

[fraschbi]

Hi @chigozie18,

Thank you for providing such detailed and well structured information!
We will close this issue, as soon as we released a fix.

Kind regards,
Florian

[chigozie18]

@fraschbi Thanks, if you need any more information feel free to let me know!