The examples/protocols/mqtt/ssl demo cannot use TLS 1.3 to connect with MQTT broker. (IDFGH-13029) #13975
Comments
Hi @robbinlu-ayla, thanks for reporting. One possible workaround is to use the custom transport in the mqtt client.
Another alternative would be to set only TLS 1.3 in menuconfig in the mbedTLS options, disabling TLS 1.2. |
Hi @euripedesrocha, ----------Error Log--------- |
Hi @robbinlu-ayla,

```c
static void mqtt_event_handler(void *handler_args, esp_event_base_t base,
                               int32_t event_id, void *event_data)
{
    ESP_LOGD(TAG, "Event dispatched from event loop base=%s, event_id=%" PRIi32,
             base, event_id);
    esp_mqtt_event_handle_t event = event_data;
    esp_mqtt_client_handle_t client = event->client;
    int msg_id;
    esp_transport_handle_t transport = NULL;
    switch ((esp_mqtt_event_id_t)event_id) {
    case MQTT_EVENT_BEFORE_CONNECT:
        ESP_LOGI(TAG, "MQTT_EVENT_BEFORE_CONNECT");
        /* Fetch the client's SSL transport and pin it to TLS 1.3 before the connection is opened. */
        transport = esp_mqtt_client_get_transport(client, MQTT_OVER_SSL_SCHEME);
        esp_transport_ssl_set_tls_version(transport, ESP_TLS_VER_TLS_1_3);
        break;
    ...
```

Our choice was to make the transport available for extra settings by adding the get function. Just be aware that the function is supposed to be called from the event handler for |
Hi @euripedesrocha, |
@robbinlu-ayla I didn't understand your comment about not using components/mqtt. About the compilation issue when setting only TLS 1.3, below are the settings to disable TLS v1.2:
|
@euripedesrocha Which esp-idf version could support TLS1.3? |
Hi @robbinlu-ayla, if you follow the path of creating a transport and passing it to the mqtt client after setting the required configuration, it should work. If you use the latest master from the mqtt client (we still need to move it to IDF and backport to older versions), you will be able to use the code presented here. Could you share the errors you are facing, so I can try to help you? |
We are using IDF 5.2.1 with the config below. We didn't use the esp mqtt client component; we wrote an mqtt client (based on components/mbedtls), and our mqtt client cannot connect with our cloud with TLS 1.3. |
@robbinlu-ayla I'm a bit confused here, since the issue is regarding one of the examples from idf that uses the mqtt client. I need you to share the logs with the errors that you are facing, so I can try to identify potential misconfiguration from your side. |
We use a socket to connect to the service on port 443. After the connection is established, it uses mbedtls_ssl_setup to set up the context for the TLS handshake, and then uses mbedtls_ssl_handshake to perform the handshake. According to what you mentioned, I think that you want us to specify TLS 1.3 in the SSL context? I have two questions,
Currently, the code is based on a tagged commit of IDF 5.2.1. |
Hi @hawkhan / @robbinlu-ayla |
I enabled TLS 1.3 via menuconfig for the examples/protocols/mqtt/ssl demo in the IDF 5.2.1 SDK, but the ssl demo still used TLS 1.2 to connect with the MQTT broker. I attached 2 packet data screenshots; please help to find what the issue is. How to enable TLS 1.3 in the IDF 5.2.1 SDK?
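One way to confirm from a capture which version a connection actually negotiated (an added example, not part of the original thread or of ESP-IDF): in TLS 1.3 the record-layer version and the ServerHello `legacy_version` both stay at 0x0303, and the selected version is carried in the `supported_versions` extension (type 0x002b), so the check has to read that extension. The function name and both sample ServerHello messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define R8 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA /* filler for the 32-byte random */
/* Constructed ServerHello messages (handshake layer only, no record header). */
const uint8_t SH_TLS13[] = {
    0x02, 0x00, 0x00, 0x2e,              /* type ServerHello, body length 46 */
    0x03, 0x03, R8, R8, R8, R8, 0x00,    /* legacy_version, random, empty session id */
    0x13, 0x01, 0x00, 0x00, 0x06,        /* TLS_AES_128_GCM_SHA256, null compression, ext length */
    0x00, 0x2b, 0x00, 0x02, 0x03, 0x04   /* supported_versions = 0x0304 */
};
const uint8_t SH_TLS12[] = {
    0x02, 0x00, 0x00, 0x2d,              /* type ServerHello, body length 45 */
    0x03, 0x03, R8, R8, R8, R8, 0x00,    /* version, random, empty session id */
    0xc0, 0x2f, 0x00, 0x00, 0x05,        /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, ext length */
    0xff, 0x01, 0x00, 0x01, 0x00         /* renegotiation_info only */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Negotiated version (0x0303 = TLS 1.2, 0x0304 = TLS 1.3), or 0 if malformed. */
uint16_t server_hello_version(const uint8_t *m, size_t len)
{
    if (len < 4 || m[0] != 0x02) return 0;             /* not a ServerHello */
    size_t body = ((size_t)m[1] << 16) | ((size_t)m[2] << 8) | m[3];
    if (body > len - 4 || body < 2 + 32 + 1) return 0; /* truncated */
    const uint8_t *p = m + 4, *end = p + body;
    uint16_t version = rd16(p);          /* 0x0303 for both TLS 1.2 and TLS 1.3 */
    p += 2 + 32;                         /* skip legacy_version and random */
    size_t sid = *p++;
    if (sid > 32 || (size_t)(end - p) < sid + 3) return 0;
    p += sid + 3;                        /* session id, cipher suite, compression */
    if (p == end) return version;        /* no extensions, so not TLS 1.3 */
    if (end - p < 2 || (size_t)rd16(p) != (size_t)(end - p) - 2) return 0;
    p += 2;
    while (end - p >= 4) {
        uint16_t type = rd16(p);
        size_t elen = rd16(p + 2);
        p += 4;
        if (elen > (size_t)(end - p)) return 0;
        if (type == 0x002b)              /* supported_versions: selected_version */
            return elen == 2 ? rd16(p) : 0;
        p += elen;
    }
    return p == end ? version : 0;
}

int main(void)
{
    return server_hello_version(SH_TLS13, sizeof SH_TLS13) == 0x0304 ? 0 : 1;
}
```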