Warning TLS/TLS-PSK support not available

Asked by Paul Arnaudo

Hi there,

I have a client that is using TLS-PSK and is attempting to connect to Mosquitto. I can see the traffic coming through, but when I try and specify a psk_file in the mosquitto.conf and then boot up the server I get:

Warning: TLS/TLS-PSK support not available.

My conf looks like this:
listener 8883
tls_version tlsv1
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/ca.crt
keyfile /etc/mosquitto/ca.key
require_certificate false
psk_file /etc/mosquitto/ruckus-pw.lbs

I can't change what the client is sending me as it's proprietary. I can see the traffic coming through, but I can't subscribe and still see a socket error like the following:

1423251810: Received UNSUBSCRIBE from Euclid-Ruckus.ls_br_conn_2C5D93188F72_1460937699
1423251810: 2.1/LOC/spongebob-ruckus/+/MGR
1423251810: Euclid-Ruckus.ls_br_conn_2C5D93188F72_1460937699 2.1/LOC/spongebob-ruckus/+/MGR
1423251869: Socket read error on client Euclid-Ruckus.ls_br_conn_2C5D93188F72_1460937699, disconnecting.

Any advice on how to ensure TLS/TLS-PSK support? Thanks a bunch.

Question information

Language: English
Status: Solved
For: mosquitto
Solved by: Paul Arnaudo
Roger Light (roger.light) said :
#1

TLS-PSK support requires a sufficiently recent version of openssl - 1.0 or later. My guess is that you're using packaged versions from build.opensuse.org and are running on SLES 10, 11, or RHEL 5. They have TLS-PSK disabled.

The way to fix it is to install openssl >=1.0 and recompile mosquitto without disabling TLS-PSK (this is the default).

Paul Arnaudo (parnaudo) said :
#2

Good call. My version was OpenSSL 1.0.0a-fips, which apparently is not supported. When I rebuilt with OpenSSL 1.0.1k-fips I had no problems. Thanks a bunch for the help!
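
To check the point made in the replies above on a given host, the following added example (not part of the original thread, and not Mosquitto's own tooling) tests whether the local OpenSSL offers any PSK cipher suites and shows which libssl the broker binary loads. The function names and the sample cipher lines are constructed here; it assumes `openssl`, `ldd` and `mosquitto` are on PATH and skips whichever is missing.

```shell
#!/bin/sh
# Added example (not from the thread): check the local OpenSSL for TLS-PSK suites.

# Read `openssl ciphers -v` style lines on stdin and print the name of every
# suite whose key exchange column (Kx=) ends in PSK: PSK, DHEPSK, ECDHEPSK, RSAPSK.
psk_suites() {
    awk '{ for (i = 2; i <= NF; i++) if ($i ~ /^Kx=.*PSK$/) { print $1; break } }'
}

# Succeed only if the text on stdin lists at least one PSK suite.
has_psk() {
    [ -n "$(psk_suites)" ]
}

# Constructed sample in the `openssl ciphers -v` column layout, for offline use.
sample_ciphers() {
    cat <<'EOF'
AES256-SHA              SSLv3   Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
PSK-AES256-CBC-SHA      SSLv3   Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
DHE-PSK-AES128-CBC-SHA  SSLv3   Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA1
EOF
}

# Report on the OpenSSL command-line tool and on the libssl the broker loads.
tls_psk_report() {
    if command -v openssl >/dev/null 2>&1; then
        echo "openssl: $(openssl version 2>/dev/null)"
        # The PSK cipher string matches nothing on a build without PSK.
        if openssl ciphers -v 'PSK' 2>/dev/null | has_psk; then
            echo "PSK suites: available"
        else
            echo "PSK suites: none (this OpenSSL cannot do TLS-PSK)"
        fi
    else
        echo "openssl: not found in PATH"
    fi
    broker=$(command -v mosquitto 2>/dev/null || true)
    if [ -n "$broker" ] && command -v ldd >/dev/null 2>&1; then
        # The broker uses this library, which may differ from the CLI's.
        ldd "$broker" 2>/dev/null | grep -i 'libssl' || echo "mosquitto: no libssl linked"
    fi
}

tls_psk_report
```

The `openssl` command and the broker can be linked against different library versions, so the `ldd` line is the one that shows what Mosquitto itself loads.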