Hi all,
I’m trying to use the broker with Tasmota, a popular FOSS firmware for IoT devices.
I’ve compiled the firmware for Tasmota from source, enabling TLS, ECC, and a setting that should make LetsEncrypt certs “just work.” (My broker host uses LE, and I pass the cafile/keyfile via config.)
I’ve compiled Mosquitto from source as part of a Dockerized build.
I can talk to the broker using mosquitto_sub just fine (forcing either TLS v1.2 or v1.3), but whenever my IoT device tries to say hello, it reports a handshake failure, and the broker says:
OpenSSL Error[0]: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
which is odd. Tasmota should be offering ECDHE_RSA_WITH_AES_128_GCM_SHA256 as a cipher via TLSv1.2, according to documentation.
I feel like there must be something obvious that I’m missing.
1a. Could my IoT client be offering an unencrypted connection, and is thus failing the handshake?
1b. Is there a more obvious reason the handshake is failing, and I’m missing it…
2. Do I have something wrong in the mosquitto build?
3. …
I have been digging at this for a while, and have reached the point where I think I’m missing something very obvious.
Many thanks,
Matt
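A check worth running before digging into the broker build, as an added diagnostic script that is not part of Matt's post or of Mosquitto/Tasmota: reproduce exactly what the device offers (TLS 1.2 only, the single suite ECDHE-RSA-AES128-GCM-SHA256, which is the OpenSSL name for the IANA suite quoted above) and compare it with the ECDSA variant. An ECDHE_RSA suite can only be negotiated if the broker presents an RSA certificate; if the keyfile Mosquitto loads is an EC key, OpenSSL on the server side reports "no shared cipher" even though both sides support the suite, because the ECDHE_ECDSA suites are the only ones that fit that key. The host, port and cafile are placeholders you supply.

```python
"""Reproduce the IoT client's TLS offer against the broker and classify the result."""
import socket
import ssl
from typing import Optional

# OpenSSL names. The post quotes the IANA name ECDHE_RSA_WITH_AES_128_GCM_SHA256;
# the ECDSA sibling is probed only to learn what kind of certificate the broker holds.
RSA_SUITE = "ECDHE-RSA-AES128-GCM-SHA256"
ECDSA_SUITE = "ECDHE-ECDSA-AES128-GCM-SHA256"


def suite_requirements(suite: str) -> dict:
    """Key-exchange and authentication algorithm a suite needs, as reported by
    the local OpenSSL build. Offline: no connection is made."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(suite)  # raises ssl.SSLError if this OpenSSL lacks the suite
    for c in ctx.get_ciphers():  # TLS 1.3 suites may be listed too; match by name
        if c["name"] == suite:
            return {"kea": c["kea"], "auth": c["auth"]}
    raise ValueError(f"{suite} not available in this OpenSSL build")


def probe(host: str, port: int, suite: str, cafile: Optional[str] = None) -> dict:
    """One TLS 1.2 handshake offering only `suite`, mimicking the device.
    Returns the negotiated cipher on success, or the OpenSSL error reason."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(suite)
    if cafile:
        ctx.load_verify_locations(cafile)  # the CA chain the device is given
    else:
        ctx.load_default_certs()
    try:
        with socket.create_connection((host, port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, version, _bits = tls.cipher()
                return {"ok": True, "cipher": name, "version": version}
    except ssl.SSLError as e:
        return {"ok": False, "error": e.reason or str(e)}


def classify(rsa_result: dict, ecdsa_result: dict) -> str:
    """Turn the two probe outcomes into a statement about the broker."""
    if rsa_result["ok"]:
        return ("broker accepts the device's ECDHE_RSA suite over TLS 1.2; "
                "the cipher suite is not what is failing")
    if ecdsa_result["ok"]:
        return ("broker certificate/key is ECDSA, so ECDHE_RSA suites can never "
                "match: serve an RSA certificate and key, or have the client "
                "offer an ECDHE_ECDSA suite")
    return ("neither suite accepted over TLS 1.2: check the broker's cipher "
            "list and minimum TLS version; errors: "
            f"{rsa_result['error']} / {ecdsa_result['error']}")


def diagnose(host: str, port: int, cafile: Optional[str] = None) -> str:
    return classify(probe(host, port, RSA_SUITE, cafile),
                    probe(host, port, ECDSA_SUITE, cafile))


if __name__ == "__main__":
    # Placeholders: replace with the broker's hostname, TLS port and CA file.
    print(suite_requirements(RSA_SUITE))  # shows kx-ecdhe / auth-rsa
    print(diagnose("broker.example.invalid", 8883, cafile=None))
```

Run it from the same network the device uses; `suite_requirements` alone already shows that the suite in question authenticates with RSA, which is the property the broker's certificate has to satisfy.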