We’ve been facing recurring TLS issues with Mosquitto, our MQTT broker. The clients tried to send a message and lost the connection in a random and non-reproducible manner. In the Mosquitto error log we always found the following problem:
```
May 8 13:40:12 ip-172-31-37-49 mosquitto[29510]: OpenSSL Error: error:140F3042:SSL routines:SSL_UNDEFINED_CONST_FUNCTION:called a function you should not call
```
This issue is reported on GitHub and there seems to be no solution to it yet. However, wiebeytec recommended using an NGINX stream proxy to terminate the TLS connection and forward the decrypted traffic locally to Mosquitto. This is what we did and it solved our issue too!
```nginx
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

stream {
    server {
        listen 8883 ssl;
        proxy_pass mosquitto_backend;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;

        ssl_certificate /opt/mqtt/broker.crt;
        ssl_certificate_key /opt/mqtt/broker.key;

        ssl_client_certificate /opt/mqtt/ca.crt;
        ssl_verify_client on;

        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
    }

    upstream mosquitto_backend {
        server 127.0.0.1:1883;
    }
}
```
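A hardened variant of the `stream` block above, as an added example rather than the author's configuration: it keeps the page's ports and certificate paths but drops TLS 1.0/1.1 and the RC4, 3DES and static-RSA suites. It assumes every client can negotiate TLS 1.2 or later with ECDHE and AES-GCM or ChaCha20, and that NGINX is built against OpenSSL 1.1.1 or newer for TLSv1.3; the timeout and verify-depth values are illustrative.

```nginx
# Added example: goes in place of the stream { } block in nginx.conf.
stream {
    upstream mosquitto_backend {
        # The hop to Mosquitto is plaintext, so keep it on loopback.
        # Assumption: mosquitto.conf binds the listener to loopback as well
        # (listener 1883 127.0.0.1) so port 1883 is not reachable remotely.
        server 127.0.0.1:1883;
    }

    server {
        listen 8883 ssl;
        proxy_pass mosquitto_backend;
        proxy_connect_timeout 5s;        # illustrative value

        # TLS 1.0/1.1 are deprecated (RFC 8996); allow 1.2 and 1.3 only.
        ssl_protocols TLSv1.2 TLSv1.3;

        # AEAD suites with forward secrecy. RC4 (prohibited by RFC 7465),
        # 3DES and the non-ECDHE AES-CBC suites are gone from the list.
        # This directive governs TLS 1.2; TLS 1.3 suites use OpenSSL defaults.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        ssl_certificate     /opt/mqtt/broker.crt;
        ssl_certificate_key /opt/mqtt/broker.key;

        # Mutual TLS is now enforced here, not in Mosquitto.
        ssl_client_certificate /opt/mqtt/ca.crt;
        ssl_verify_client on;
        ssl_verify_depth 2;              # illustrative: root plus one intermediate

        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_handshake_timeout 10s;       # illustrative value
    }
}
```

Check the result with `nginx -t` before reloading. Because TLS ends at the proxy, Mosquitto sees every connection as coming from 127.0.0.1 and never sees the client certificate, so certificate-based options such as `use_identity_as_username` no longer apply and per-client authorization needs MQTT usernames and ACLs.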
This problem troubles me a lot and THANKS for the workaround!
Thank you, this is a lifesaver!
FML! Thank you so much! – this made it possible for me to connect Zanzito to Home Assistant. Awesome!