-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS support #8
Comments
seems I will have do to some more reading |
Trying SecureConnection
on server OpenSSL Error: error:1408F10B:SSL routines:SSL3_CLIENT_HELLO:wrong version number
on server OpenSSL Error: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure |
Eyes Opening Article (in German) Will try to work with API Permissions |
Works! (with mosquitto running tlsv1) Setting API permissions did it:
|
W000t! |
Reading wm_java_user_guide_v19.pdf (part of the Cinterion Package) chapter 11.1, I think we have to install the server's ca certificate in the module. Or, we should assume it works because certificate checking is off: Or, We need certificates with sha1 signature. Java Security supports a sha1 signature of the |
Not in mode1. Mode2 (with CA cert) allows for more trust, but I feel that's (The joys of keytool: beings back fond cough memories...) Have you looked at 11.4.3? This looks very relevant. In particular state=0 Don't enable the module's 'secure' mode; that won't end well.... |
I obviously have no clue of Java, but I think this is relevant. In any case ignore everything that has to do with signing our app -- we don't want that, at least not yet! From this:
The PDF also shows how to do that in Netbeans. |
Re 11.4.3: probably my english is not good enough, but I don't understand: How does the device know if the cert is valid without a list of trusted CAs? 0 The HTTPS connection or Secure Connection is possible if the server certificate (or certificate chain) is valid (default)and no, I won't enable secure mode |
It just says "if the server certificate is valid". IMO that simply means if it isn't corrupt. There is no mention whatsoever of a valid chain, in other words, it sounds to me as though they won't verify anything, which is fine. Well, sort of fine. :-) |
I've just run
0 = java security mode not active |
same here Did some testing: connect to apache2 https (443) works What can we do to setup mosquitto to work like apache2
|
some more do we have SH1withRSA algorithm in our mosquitto ssl certs?
|
Trying to build gw with current paho library and what they call jmeclient. Library is dated 2014, while we are using a 2012 version of the code. New library is build on new Java features like java.util.Properties, which our jdk/jre do not support. Possibilities:
|
No idea if this'll work, but fusesource say they support TLS |
looks good, but is not suitable for our ancient java version |
Works now, was a small problem in com.m2mgo.net.SSLSocketFactory not overriding the createSocket method of TCPSocketFactory. |
OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
OpenSSL Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
The text was updated successfully, but these errors were encountered: